Prompt

5/23

Critical NETGEAR Router Flaw Enables Full Admin Access via Hidden Backdoor

Dozens of malicious packages on NPM collect host and network data

ViciousTrap Uses Cisco Flaw to Build Global Honeypot

Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges

Fortinet Zero-Day Under Attack: PoC Now Publicly Available

Print Security Warning: Canon Printers Exposed to Data Theft

ModSecurity DoS Flaw: PoC Available for Apache Vulnerability

DragonForce Engages in “Turf War” for Ransomware Dominance

Ivanti EPMM Under Attack: Zero-Day RCE Exploited by China-Linked UNC5221

5/22

U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its KEV catalog

Critical Vulnerability in Netwrix Password Manager Enables Authenticated RCE

Cityworks Zero-Day Vul Used by UAT-638 to Infect IIS Servers with Malware

Linux Kernel Zero-Day SMB Vulnerability Discovered via ChatGPT

Cisco Unified Intelligence Center Vulnerability Allows Privilege Escalation

Akamai, Microsoft Disagree on Severity of Unpatched ‘BadSuccessor’ Flaw

GitLab Patches High-Severity Flaws: DoS and 2FA Bypass Fixed

Cisco ISE RADIUS Vul Allows Attackers to Trigger Denial of Service Condition

Grafana Zero-Day Vul Allows Attackers to Redirect Users to Malicious Sites

Langroid Flaws (CVSS 9.8) Expose LLM Apps to RCE

Attackers Exploit BIND DNS Vul to Crash Servers Using Malicious Packets

Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Host

5/21

PowerDNS Vul Allows Attackers to Trigger DoS Attacks Through Malicious TCP

Palo Alto Networks Warns of XSS Flaw with PoC Exploit Code

Critical Remote Code Execution Flaw Hits Lexmark Printers

Critical CVSS 9.8 RCE Flaw in vLLM Exposes AI Hosts to Remote Attacks

Critical containerd Vulnerability: Malicious Images Can Hijack Host Filesystem

CISA Alerts: Vertiv Products Vulnerable to RCE, Auth Bypass (CVSS 9.8)

PoC Available: TP-Link Archer AX50 Flaw Allows Remote Root Access

Is Your Unix Automation Secure? Critical Broadcom Flaw Poses High Risk

Critical OpenPGP.js Flaw Allows Message Signature Spoofing

5/20

Broadcom Fixes RCE, DoS, XSS in VMware ESXi, vCenter, Workstation

CISA Includes MDaemon Email Server XSS Flaw in KEV Catalog

Critical Risk (CVSS 9.9): samlify Flaw Exposes SSO in Widely Used Library

Critical Vulnerability in VMware Cloud Foundation Exposes Sensitive Data

CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog

High DoS Risk: Multer Flaws Threaten Millions of Node.js Apps

SAP NetWeaver: Zero-Day Allows File Uploads, Qilin Ransomware Connection

High Risk (CVSS 9.8): Motors Theme Flaw Exposes 22,000+ WordPress Sites

High-Risk RAGFlow Flaw: Account Takeover Possible (No Patch, PoC Available)

Can Your Firewall Be Hacked? Severe Flaws Found in pfSense

Leaky WordPress: Private Post Titles at Risk for 1 Billion Sites

5/19

CISA Adds Six Known Exploited Vulnerabilities to Catalog

Active Exploitation of Ivanti EPMM Zero-Day Vulnerability in the Wild

PoC Released: iOS Kernel Flaw Allows File System Modification

Confluence Under Attack: Hackers Leverage Vul for RDP Access and RCE

Critical Risk (CVSS 9.1): Auth0-PHP SDK Flaw Threatens 16M+ Downloads

High DoS Risk: Tornado’s Default Parser Exposes Apps (CVE-2025-47287)

XSS Vulnerability Discovered in Label Studio: Update Now!

5/18

glibc Vulnerability Puts Millions of Linux Systems at Risk of Code Execution

Race Condition in Windows Remote Desktop Gateway Enables RCE – PoC

High-Risk Flaw in Python Web Framework Reflex Account Takeover

Critical Flaw in OpenText OBM Exposes Enterprises to Privilege Escalation

5/16

CVE-2025-47539: Critical Privilege Escalation Flaw Hits WordPress Eventin

Selenium Library WebDriverManager Hit by Critical XXE CVE-2025-4641

Pgpool-II Hit by Critical CVE-2025-46801: Lets Attackers Bypass Auth

Jenkins Plugin Flaws: CVE-2025-47889 Hits 9.8 CVSS with Auth Bypass

SonicWall SMA1000 Flaw (CVE-2025-40595) Enables Stealth SSRF Attacks