cve vulnerabilities

Sequoia’s OpenPGP library contains a denial-of-service bug tracked as CVE-2025-67897: the library’s aes_key_unwrap routine panics when it’s fed an abnormally short ciphertext, allowing a remote attacker to crash any application that attempts to decrypt a specially crafted OpenPGP message...

The Linux kernel received a targeted fix for a subtle but consequential deadlock in the DRM scheduler: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb, tracked as CVE‑2025‑40329. The patch restructures how the scheduler handles fence callbacks and dependency re‑arming to avoid an...

CISA has issued a high‑severity industrial control systems (ICS) advisory describing an unauthenticated Telnet command‑line interface in Güralp Systems seismic monitoring devices that can be remotely accessed with no credentials, enabling attackers to modify hardware settings, manipulate seismic...

The Linux kernel has been assigned CVE-2025-40297 after syzbot reported a use‑after‑free in the bridge code that could be triggered when Multiple Spanning Tree (MST) handling bypasses a port’s state during deletion, allowing FDB learning to race with port teardown; upstream maintainers fixed the...

A Linux kernel bug in the Btrfs filesystem — tracked as CVE-2025-39779 — can cause write-ordering guarantees to be violated by prematurely clearing the PAGECACHE_TAG_TOWRITE tag on subpage folios, with downstream effects that include kernel assertions, crashes, and availability failures...

A focused, low-level kernel bug in the Qualcomm MSM DRM driver has been assigned CVE‑2025‑40247 after maintainers fixed a faulty error‑path in the page‑table preallocation cleanup that could cause a kernel NULL pointer dereference and host instability; operators who run kernels that include the...

Siemens has published a sweeping security advisory for SiPass integrated (all versions prior to V3.0) that catalogs four distinct vulnerabilities — including a high‑severity Accusoft ImageGear heap overflow and multiple web/application flaws — and urges immediate upgrades to V3.0 or later while...

Microsoft corrected a potentially catastrophic identity flaw in Entra ID that could have allowed cross‑tenant impersonation of any user — including Global Administrators — by abusing undocumented internal tokens and a validation gap in a legacy API; the publicly tracked identifier for this issue...

In a world increasingly defined by digital interdependence, every alert from a leading cybersecurity authority merits close scrutiny. The Cybersecurity and Infrastructure Security Agency (CISA) has reaffirmed this reality by recently expanding its Known Exploited Vulnerabilities Catalog (KEV)...

In the rapidly evolving world of industrial automation, the integrity and security of update management software remain paramount. The latest vulnerabilities uncovered in the Mitsubishi Electric MELSOFT Update Manager highlight the ongoing cyber risks faced by industrial environments worldwide...

Outlook users are about to experience a new layer of email security as Microsoft expands its efforts to safeguard users from sophisticated attack vectors. In July, Microsoft will block two additional file attachment types—.library-ms and .search-ms—within Outlook, specifically targeting the...

The ever-evolving landscape of cybersecurity poses a formidable challenge for organizations reliant on Microsoft Windows. Nowhere was this more apparent than in April 2025, when Microsoft’s disclosure of CVE-2025-29824—a zero-day privilege escalation flaw in the Windows Common Log File System...

In an era of heightened cybersecurity threats and relentless attacks targeting major software ecosystems, maintaining the integrity of desktop management utilities is non-negotiable. Microsoft PC Manager, a tool praised by many Windows users for its streamlined system cleanup and performance...

Tucked away among the countless cryptic folders of a typical Windows 11 installation lies a new arrival – the now-infamous ‘inetpub’ directory, a seemingly innocuous feature rolled out with the April 2025 security update. But if Windows update history is anything to go by, “innocuous” is just a...

Even the most unassuming boxes hiding away in locked industrial cabinets get their day in the cybersecurity spotlight, and today, the unblinking gaze is turned on the Schneider Electric Sage Series. If you had “vulnerabilities in remote terminal units” on your bingo card—even if you didn’t—strap...

Windows 11 continues to surprise its users. The latest April 2025 cumulative update—KB5055523—has introduced an unexpected twist: the creation of an empty "inetpub" folder in the root of the C: drive, even on systems where Internet Information Services (IIS) is not installed. While the folder’s...

Windows 10 users, consider this your wake-up call—if you haven’t already updated your system, now is the time. With up to 240 million PCs potentially exposed to six actively exploited vulnerabilities, the current Patch Tuesday release is not just another routine update. Instead, it aims to plug...

Paragon Partition Manager Vulnerabilities Shake Up Windows Security In the ever-evolving world of cybersecurity, a new breed of threats has emerged surrounding a widely used storage management tool. Recent investigations reveal that critical vulnerabilities in the Paragon Partition Manager’s...

Microsoft’s latest Patch Tuesday update has arrived with a modest set of 63 fixes—certainly a lighter load compared to January’s mega-dump, but don’t let the seemingly smaller numbers fool you. Beneath the surface, several vulnerabilities deserve sharp attention, especially for Windows users...

Microsoft’s latest major update for Windows 11 (KB5031455) has introduced native support for 11 new compression formats within File Explorer, expanding the system's file management capabilities to include popular formats such as RAR and 7z. While this update is a boon for those who manage...