Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe Commerce is a composable ecommerce solution that lets you quickly create global, multi-brand B2C and B2B experiences.
A vulnerability has been discovered in Google Chrome. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs, and more.
Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system.
Multiple vulnerabilities have been discovered Fortinet Products, the most severe of which could allow for remote code execution. FortiAnalyzer is a log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate...
A vulnerability has been discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways which could allow for remote code execution. Ivanti Connect Secure (formerly Pulse Connect Secure) is a widely deployed SSL VPN solution that provides secure and controlled access...
Multiple vulnerabilities have been discovered in Mozilla products. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs, and more.
Multiple vulnerabilities have been discovered in IBM AIX, the most severe of which could allow for arbitrary code execution. IBM AIX is a secure and reliable Unix operating system designed for IBM's Power Systems. It supports modern applications and provides strong...
The DNA genetic testing company 23andMe recently filed for bankruptcy and is preparing to sell the company. In the meantime, the 23andMe platform holds a vast amount of personal and potentially valuable data that may be at risk of not being protected before the sale.
A critical vulnerability (CVE-2025-29927) in Next.js, a JavaScript framework, was recently disclosed that could allow a threat actor to bypass authentication in the middleware layer to gain access to targeted systems. The vulnerability is trivial to exploit.
A vulnerability has been discovered in CrushFTP, which could allow for unauthorized access. CrushFTP is a proprietary multi-protocol, multi-platform file transfer server. The vulnerability is mitigated if the DMZ feature of CrushFTP is in place. Click to read more.
