#security-vulnerability

#security-vulnerability

Critical security flaw in Apache Struts 2 allows file upload manipulation, posing severe risks of remote code execution; immediate updates are essential.

Erlang/OTP's SSH implementation has a critical vulnerability allowing remote code execution without authentication, requiring urgent attention and action from security teams.

A critical 9.9-rated unauthenticated RCE flaw is affecting GNU/Linux systems, with no fix yet despite disclosure to developers three weeks ago.

A critical security vulnerability in Apache Parquet allows remote code execution, affecting versions up to 1.15.0.

Commvault's Command Center has a serious vulnerability (CVE-2025-34028) that allows remote code execution.

Organizations must ensure their systems are updated to version 11.38.20 to mitigate the risk.

Phishing attacks increasingly exploit legitimate platforms like Google to create convincing scams, putting user security at risk.

Google addresses a severe Chrome vulnerability, CVE-2025-2783, exploited in phishing attacks targeting Russian organizations.

Next.js vulnerability allows trivial authentication bypass, potentially exposing sensitive features to unauthorized users.

Next.js framework has a critical security flaw in its middleware that could affect millions of sites.

Wiz highlights a serious database vulnerability in DeepSeek, underscoring the AI industry's need for improved security measures.

AWS fixed a significant vulnerability in its Cloud Development Kit that could lead to account hijacking for a small percentage of users.

A security vulnerability in Styra's Open Policy Agent could leak NTLM hashes, allowing for credential theft and exploitation.

The flaw is linked to improper input validation leading to unauthorized access.

Google acted promptly to remove a potentially vulnerable software from Pixel smartphones to prevent hacking risks.

No evidence of exploitation was found, but concerns led to proactive security measures.

The Google Cloud Document AI service has a serious vulnerability that remains unaddressed, enabling potential data theft from Cloud Storage.

Mac users with versions before 8.10.36 of 1Password are vulnerable to a bug allowing theft of vault items.

YubiKey devices have a vulnerability that allows cloning, discovered in the Infineon cryptographic library, affecting many models and with moderate exploit difficulty.

YubiKey 5 has a vulnerability that allows cloning if an attacker has temporary physical access.

NinjaLab has revealed a vulnerability in YubiKey 5 Series that enables cloning of the devices, posing risks mainly to sensitive users.