
Vulnerabilities

Notepad++ Vulnerability (CVE-2025-15556)

A recently discovered Notepad++ vulnerability (CVE-2025-15556) allows attackers to execute arbitrary code by exploiting insecure update integrity verification. Severity level:- CVSS Score: 7.7/High. Description:- Notepad++ is a free and open-source source code editor. A vulnerability exists in Notepad++ versions prior to 8.8.9 involving the WinGUp updater, which fails to cryptographically verify downloaded update metadata and […]

GNU InetUtils telnetd authentication bypass (CVE-2026-24061)

A critical remote authentication bypass vulnerability (CVE-2026-24061) has been disclosed in the GNU InetUtils telnetd server, affecting versions 1.9.3 through 2.7. Severity level:- CVSS Score: 9.8/Critical. Description:- CVE-2026-24061 is an argument injection / authentication-bypass vulnerability in the telnetd component of GNU InetUtils. During Telnet NEW-ENVIRON negotiation, telnetd passes the attacker-controlled USER environment variable directly to […]

CVE-2025-14847 - MongoBleed - Vulnerability Affecting MongoDB

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. Severity level:- CVSS Score: 8.7/High. Description:- CVE-2025-14847, known as MongoBleed, is a heap-memory disclosure vulnerability in MongoDB Server. It arises in the server’s zlib compression handling logic, specifically in how it parses compressed network messages. By […]

PowerShell Remote Code Execution (CVE-2025-54100)

Microsoft has released security updates to address a vulnerability in Windows PowerShell (CVE-2025-54100) that could allow local users to execute arbitrary code when using the Invoke-WebRequest cmdlet. Severity level:- CVSS Score: 7.8/High. Description:- CVE-2025-54100 is a command injection vulnerability in Windows PowerShell, specifically affecting the Invoke-WebRequest cmdlet. The flaw occurs because PowerShell automatically parses HTML […]

Remote Code Execution Vulnerability in React and Next.js Frameworks

The React team released a security advisory regarding a critical vulnerability, CVE-2025-55182, in the React server that could allow an unauthenticated, remote attacker to perform remote code execution on an affected device or system. Severity level:- CVSS Score: 10.0 / Critical. Description:- The vulnerability has been identified in React Server Components (also known as React.js […]

Microsoft Windows Kernel Vulnerability (CVE-2025-62215)

Microsoft has released a security update to address a zero-day vulnerability in the Windows Kernel (CVE-2025-62215) that could allow attackers to escalate privileges to System level. Severity level:- CVSS Score: 7.0 /High. Description:- Windows Kernel is the core component of the Windows operating system responsible for managing system resources and hardware interactions. CVE-2025-62215 is a […]

WSUS Remote Code Execution Vulnerability (CVE-2025-59287)

Microsoft has released an urgent out-of-band security update to address a critical remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses a direct risk to organizations that use WSUS to manage Windows updates. Severity level:- CVSS Score: 9.8/Critical. Description:- Windows Server Update Services (WSUS) is a […]

WhatsApp Vulnerability (CVE-2025-55177)

Meta has released security updates to address a vulnerability (CVE-2025-55177) in WhatsApp that could allow an attacker to process arbitrary content on a target device via unauthorized synchronization messages. Severity level:- CVSS Score: 5.4/Medium. Description:- WhatsApp is a widely used messaging platform across iOS and macOS. CVE-2025-55177 is a vulnerability caused by incomplete authorization of linked […]

Docker Desktop Vulnerability (CVE-2025-9074)

Docker has released security updates to address a vulnerability (CVE-2025-9074) that could potentially allow an attacker to break out of the confines of a container. Severity level:- CVSS Score: 9.3/Critical. Description:- Docker Desktop is a widely used containerization platform for Windows and macOS. CVE-2025-9074 is a critical vulnerability caused by Docker Desktop exposing its internal […]

Zoom Client Vulnerability (CVE-2025-49457)

A new vulnerability has been identified in Zoom Clients for Windows (CVE-2025-49457) which could allow remote attackers to escalate privileges via an untrusted search path. Severity level:- CVSS Score: 9.6/Critical. Description:- Zoom is a widely used video conferencing and collaboration platform. CVE-2025-49457 is an untrusted search path vulnerability that arises from improper handling of DLL search […]