#security-flaw tag

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

A critical security flaw in Magento's REST API allows unauthenticated attackers to upload malicious executables, risking code execution and account takeover.

Information security

fromSocial Media Today

2 months ago

WhatsApp Tests Usernames as Primary Connection Display

A flaw allowed extraction of over 3.5 billion WhatsApp phone numbers via random-number enumeration, enabling large-scale spam and scams.

Privacy technologies

fromIT Pro

7 months ago

Microsoft patched a critical vulnerability in its NLWeb AI search tool - but there's no CVE (yet)

A critical flaw in NLWeb enables remote users to read sensitive files without authorization.

fromIT Pro

8 months ago

Cisco warns of critical flaw in Unified Communications Manager - so you better patch now

Cisco has released patches for a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, CVE-2025-20309, carries a CVSS score of 10.0, allowing an attacker to log in using the root account with static credentials that cannot be changed. Cisco advises users to upgrade to the latest version or apply the CSCwp27755 patch as there are no workarounds.

Privacy professionals

fromZDNET

8 months ago

Does your Brother printer have an unpatchable security flaw? How to check - and what you can do

Hundreds of Brother printer models have been found to harbor a serious security flaw that can't be fully patched on existing devices.

Privacy professionals

fromThe Hacker News

11 months ago

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

An incomplete patch for a security flaw in the NVIDIA Container Toolkit poses risks of unauthorized access and denial-of-service attacks.