CVE-2025-31324 pose significant risks to organisations using SAP NetWeaver Visual Composer. This critical vulnerability, with a severity rating of 10.0, highlights a serious flaw in the software’s metadata uploader, which lacks proper authorisation controls. This… Read More »CVE-2025-31324: Critical Vulnerability in SAP NetWeaver
On March 4, 2025, Broadcom issued a critical security advisory addressing three zero-day vulnerabilities in VMware products that were actively exploited in the wild. These high-risk vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, affect VMware… Read More »Broadcom Patches Three VMware Zero-Day Vulnerabilities Exploited in the Wild
A new vulnerability has emerged in the past few days that requires immediate attention. CVE-2025-21391, identified as an elevation of privilege vulnerability within Windows Storage, has been officially recognised by Microsoft. With an EPSS score… Read More »CVE-2025-21391: Critical Zero-Day Vulnerability in Windows Storage
With so many websites using WordPress with plugins installed, security is a key component often overlooked, especially when dealing with user authentication. CVE-2025-1061 highlights a critical vulnerability in a common plugin used to let users sign in with social accounts… Read More »WordPress users at risk of vulnerability in plugin used by thousands. Urgent action needed
Technical Overview THIS IS A NEW VULNERABILITY; IT HAS NOT YET RECEIVED AN CVE SCORE. URGENT UPDATES REQUIRED CVE-2025–24200 is an authorisation vulnerability affecting iOS and iPadOS devices. Specifically, it allows a physical attacker to… Read More »CVE-2025–24200: Addressing the new iPadOS USB Restricted Mode Vulnerability.
CentOS is a discontinued OS. If you are still using this, please upgrade where available. CVE-2021-31324 is a vulnerability found in the unprivileged user portal of the CentOS Web Panel. This flaw is particularly concerning… Read More »CentOS Web Panel Vulnerability: CVE-2021-31324: Critical Command Injection