Tuesday, May 6, 2025

CVE/vulnerability

Samsung MagicINFO 9 Server Vulnerability Actively Exploited in the Wild

A critical security vulnerability in the Samsung MagicINFO 9 Server has come under active exploit, security researchers from Arctic Wolf have warned. The flaw, tracked as CVE-2024-7399, allows unauthenticated attackers to...

CISA Issues Alert on Langflow Vulnerability Actively Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent alert regarding an actively exploited vulnerability in Langflow, a popular open-source framework for building...

MediaTek Fixes Multiple Security Flaws in Smartphone, Tablet, and TV Chipsets

MediaTek, a leading provider of chipset technology for smartphones, tablets, AIoT, and smart TVs, has released critical patches addressing several security vulnerabilities across its...

Multiple Flaws in Tenda RX2 Pro Let Attackers Gain Admin Access

Security researchers have uncovered a series of critical vulnerabilities in the Tenda RX2 Pro Dual-Band Gigabit Wi-Fi 6 Router (Firmware V16.03.30.14), which could allow...

Apache Parquet Java Vulnerability Enables Remote Code Execution

A high-severity vulnerability (CVE-2025-46762) has been discovered in Apache Parquet Java, exposing systems using the parquet-avro module to remote code execution (RCE) attacks. The flaw,...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical vulnerabilities found in widely used Industrial Control Systems (ICS). Released on...

CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered and actively exploited vulnerability in the widely used...

Netgear EX6200 Flaw Enables Remote Access and Data Theft

Security researchers have disclosed three critical vulnerabilities in the Netgear EX6200 Wi-Fi range extender that could allow remote attackers to gain unauthorized access and...

Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code

A high security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own hacking competition, allows attackers to execute malicious code remotely via...

Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code

A high vulnerability in Apache ActiveMQ’s .NET Message Service (NMS) library has been uncovered, enabling remote attackers to execute arbitrary code on unpatched systems. Tracked...

SonicWALL Connect Tunnel Vulnerability Could Allow Attackers to Trigger DoS Attacks

A newly disclosed vulnerability in SonicWall’s Connect Tunnel Windows Client could allow malicious actors to trigger denial-of-service (DoS) attacks or corrupt files, according to...