vulnerability disclosure

CVE-2024-36350 concerns a transient scheduler attack in the Store Queue of certain AMD processors. The note about the "Corrected CVE number" means that there was previously an error regarding the CVE identifier, but this has since been corrected—this change is informational and does not change...

Each year, as global threats to cybersecurity grow ever more sophisticated, the digital world’s frontline defenders quietly make their impact felt. Microsoft’s Security Response Center (MSRC) has again stepped forward to celebrate those tireless and ingenious individuals by unveiling its list of...

Wing FTP Server, a widely used commercial file transfer solution, has become the focus of intense security scrutiny following the disclosure and real-world exploitation of the remote code execution vulnerability CVE-2025-47812. This critical flaw, actively exploited in the wild, highlights the...

When examining the evolving cybersecurity threat landscape faced by industrial control systems, the recent disclosure of a critical vulnerability within Delta Electronics’ DTM Soft platform stands out as a reminder of the pressing need for proactive software security practices, particularly in...

Regarded as a cornerstone in industrial network management solutions, Siemens SINEC NMS has played a pivotal role in enabling organizations across the globe to centrally control, monitor, and secure their operational technology (OT) infrastructure. With deployment spanning critical manufacturing...

When a misstep in authentication can spell disaster for critical infrastructure, every system administrator, developer, and security professional needs to pay close attention. This is precisely the case with the recently discovered vulnerability in KUNBUS’s Revolution Pi Webstatus—an industrial...

Microsoft’s July Patch Tuesday rollout has landed with a weighty impact, bringing a total of 127 fixes that touch 14 different product families. Security teams, IT administrators, and Windows enthusiasts will find the scale and diversity of this month’s update notable—not only for the sheer...

Microsoft’s July Patch Tuesday 2025 brings a significant security update, marking one of the most substantial patch releases of recent months with remedies for 130 distinct vulnerabilities spread across its product portfolio. While the sheer number of CVEs (Common Vulnerabilities and Exposures)...

As of July 8, 2025, there is no publicly available information regarding a vulnerability identified as CVE-2025-49729 affecting the Windows Routing and Remote Access Service (RRAS). It's possible that this CVE has not been disclosed or documented in public databases. However, there have been...

An often overlooked but crucial component of the Windows ecosystem, the Human Interface Device (HID) class driver, has come under scrutiny following the recent disclosure of a major security vulnerability tracked as CVE-2025-48816. The HID class driver, responsible for translating signals from...

In the ever-evolving landscape of software development, the security of core tools is paramount—none more so than Git, the de facto version control system relied upon by millions of developers and countless organizations worldwide. Recently, the discovery and disclosure of a critical...

Gitk, a popular graphical repository browser bundled with Git, has long served developers as an intuitive and powerful way to inspect version history, review changes, and visualize branching workflows. However, in recent months, a significant vulnerability—CVE-2025-27614—has been disclosed...

Microsoft Defender for Endpoint has long stood as a central pillar in enterprise security, serving as the frontline defense against malware, phishing, and a myriad of sophisticated cyberattacks. However, even the strongest security solutions are not immune from vulnerabilities. In early 2022...

The Microsoft Security Response Center (MSRC) has once again spotlighted excellence and dedication in its 2025 Q2 Security Researcher Leaderboard, reinforcing its status as a linchpin in the global effort to secure Microsoft's vast ecosystem. Each quarter, the security community—comprising...

As industrial control systems (ICS) continue to evolve and the digital backbone of critical infrastructure grows more complex, securing devices at every layer remains a top priority for both operators and manufacturers. The recent vulnerability disclosure impacting Hitachi Energy’s Relion...

When a system designed to keep the lights on for critical infrastructure instead risks shutting them off with a few keystrokes, alarm bells ring far beyond the server room. Such is the case with recent critical security advisories surrounding the Voltronic Power and PowerShield lines of...

A critical new vulnerability—CVE-2025-2403—has brought global attention to Hitachi Energy’s Relion 670/650 series and SAM600-IO, devices central to safeguarding high-voltage infrastructure across the world’s power grids. The flaw, classified as “Allocation of Resources Without Limits or...

Few vulnerabilities in industrial software echo as urgently across both manufacturing and educational sectors as a critical remote code execution flaw, especially when it scores a near-perfect 9.8 on the CVSS v3 scale. This is precisely the case for recent issues reported in several FESTO and...

A significant security vulnerability has been identified in Synology's Active Backup for Microsoft 365 (ABM), potentially exposing sensitive data across all Microsoft 365 tenants utilizing this backup solution. This flaw, designated as CVE-2025-4679, was discovered by the security firm ModZero...

In June 2025, a security vulnerability identified as CVE-2025-6557 was disclosed, highlighting insufficient data validation in the Developer Tools (DevTools) component of Google Chrome. This flaw allowed remote attackers to execute arbitrary code by convincing users to perform specific UI...