Researchers at Rapid7 have identified vulnerabilities in Xerox VersaLink C7025 multifunction printers that could enable attackers to steal user credentials. Tracked as CVE-2024-12510 and CVE-2024-12511, these flaws facilitate a "pass-back attack," in which the printer is deceived into returning authentication data to the attacker.
The Qualys Threat Research Unit (TRU) has revealed two newly discovered vulnerabilities in OpenSSH, impacting both clients and servers. Designated as CVE-2025-26465 and CVE-2025-26466, these flaws could allow attackers to carry out machine-in-the-middle (MITM) attacks and denial-of-service (DoS) exploits.
Daily Summary of WordPress critical and high vulnerabilities
Rapid7 researchers have identified a high-severity SQL injection vulnerability (CVE-2025-1094) in PostgreSQL’s interactive tool, psql. Discovered during an investigation into the exploitation of a separate BeyondTrust vulnerability, this flaw enables attackers to execute arbitrary code on impacted systems.
Daily Summary of WordPress critical and high vulnerabilities
A critical vulnerability has been identified in WinZip, potentially enabling remote attackers to execute arbitrary code on affected systems. Designated as CVE-2025-1240, this flaw stems from how WinZip processes 7Z files and could be exploited if a user interacts with a malicious file or webpage.
Multiple critical security flaws have been discovered in the PAM-PKCS#11 login module, a widely used tool for X.509 certificate-based authentication on Linux systems. These vulnerabilities could enable attackers to bypass authentication, gain unauthorized system access, and potentially escalate privileges.
Wazuh, a prominent open-source security solutions provider, has released a critical security advisory about a remote code execution (RCE) vulnerability impacting its platform. Designated as CVE-2025-24016 with a CVSS score of 9.9, this flaw could enable attackers to take full control of affected Wazuh servers.
Daily Summary of WordPress critical and high vulnerabilities
Ivanti has released a security advisory addressing critical vulnerabilities in its Cloud Services Application (CSA). Tracked as CVE-2024-47908 and CVE-2024-11771, these flaws could enable attackers to execute remote code and access sensitive data without authorization.
Daily Summary of WordPress critical and high vulnerabilities
Daily Summary of WordPress critical and high vulnerabilities
Security researcher Hakivvi has released a detailed analysis of CVE-2025-23369 (CVSSv4 7.6), a vulnerability that enables attackers to bypass SAML authentication in GitHub Enterprise.
Apple has released critical security updates for iOS and iPadOS to patch a zero-day vulnerability, CVE-2025-24200, which has been actively exploited in targeted attacks. This flaw enables attackers to bypass USB Restricted Mode on locked devices, potentially exposing sensitive data.
Daily Summary of WordPress critical and high vulnerabilities
Two newly discovered security vulnerabilities have been identified in Zimbra Collaboration, a popular open-source email and collaboration platform. These flaws, tracked as CVE-2025-25064 and CVE-2025-25065, present a significant risk to businesses using Zimbra for email, calendaring, file sharing, and task management. If exploited, they could enable attackers to gain unauthorized access to sensitive data and internal network resources.
A severe security flaw in Microsoft Outlook, identified as CVE-2024-21413, is currently being actively exploited, presenting a major risk to organizations globally. Rated 9.8 out of 10 on the CVSS scale, this vulnerability enables attackers to remotely execute arbitrary code when a user opens a malicious email.
Cisco has released a security advisory regarding two critical vulnerabilities in its Identity Services Engine (ISE), a widely used network security policy management platform. These vulnerabilities, identified as CVE-2025-20124 and CVE-2025-20125, could allow authenticated attackers to execute arbitrary commands with root privileges and bypass authorization controls, posing significant risks to affected systems.
Daily Summary of WordPress critical and high vulnerabilities
Daily Summary of WordPress critical and high vulnerabilities