Search found 1729 matches

by Shane1145
Thu Oct 23, 2025 12:02 pm
Forum: Mobile Phones
Topic: Denial of Service Vulnerability in Samsung Mobile and Wearable Processors
Replies: 0
Views: 95

Denial of Service Vulnerability in Samsung Mobile and Wearable Processors

A vulnerability has been identified in Samsung's Mobile and Wearable Processors, specifically within the Exynos series. The flaw arises from a lack of NULL checks, enabling attackers to exploit this weakness through the transmission of malformed MM packets. This exploitation results in a Denial of ...
by Shane1145
Thu Oct 23, 2025 12:01 pm
Forum: Android/iOS
Topic: Memory Management Vulnerability in Apple Operating Systems
Replies: 0
Views: 87

Memory Management Vulnerability in Apple Operating Systems

A memory management vulnerability has been identified across various Apple operating systems, including macOS, iOS, and more. This issue arises from a double free error, which can lead to unexpected system termination when exploited by malicious applications. To address this flaw, Apple has released ...
by Shane1145
Thu Oct 23, 2025 12:00 pm
Forum: macOS
Topic: Logic Issue in macOS Products by Apple
Replies: 0
Views: 67

Logic Issue in macOS Products by Apple

A logic issue present in certain versions of macOS has been found to potentially allow applications to access sensitive user information without proper authorization. This vulnerability has been addressed with improved restrictions in the latest updates for macOS Ventura, Sonoma, and Sequoia ...
by Shane1145
Thu Oct 23, 2025 11:57 am
Forum: Programming Languages
Topic: Unbounded DEFLATE Decompression Vulnerability in Authlib Python Library
Replies: 0
Views: 66

Unbounded DEFLATE Decompression Vulnerability in Authlib Python Library

Authlib, a Python library utilized for building OAuth and OpenID Connect servers, has a significant vulnerability associated with its handling of JWE tokens. Specifically, prior to version 1.6.5, the library's implementation allows for unbounded DEFLATE decompression when the zip=DEF parameter is ...
by Shane1145
Wed Oct 22, 2025 3:10 pm
Forum: Commercial
Topic: LANSCOPE Endpoint Manager Vulnerability Allows Attackers to Execute Remote Code
Replies: 0
Views: 91

LANSCOPE Endpoint Manager Vulnerability Allows Attackers to Execute Remote Code

A critical remote code execution vulnerability has been discovered in the on-premise edition of LANSCOPE Endpoint Manager that allows unauthenticated attackers to run arbitrary commands with high privileges on affected systems.

Tracked as CVE-2025-61932, the flaw impacts both the Client Program (MR ...
by Shane1145
Wed Oct 22, 2025 3:06 pm
Forum: Commercial
Topic: Microsoft 365 Copilot Flaw Lets Hackers Steal Sensitive Data via Indirect Prompt Injection
Replies: 0
Views: 122

Microsoft 365 Copilot Flaw Lets Hackers Steal Sensitive Data via Indirect Prompt Injection

A vulnerability in Microsoft 365 Copilot allowed attackers to trick the AI assistant into fetching and exfiltrating sensitive tenant data by hiding instructions in a document.

The AI then encoded the data into a malicious Mermaid diagram that, when clicked, sent the stolen information to an ...
by Shane1145
Tue Oct 21, 2025 6:12 am
Forum: IOT Devices
Topic: Remote Command Injection Vulnerability in GeoVision IP Devices
Replies: 0
Views: 183

Remote Command Injection Vulnerability in GeoVision IP Devices

GeoVision embedded IP devices, specifically the GV-BX1500 and GV-MFD1501 models, are susceptible to a remote command injection flaw via the /PictureCatch.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands on the affected devices remotely. Observations indicate that this ...
by Shane1145
Tue Oct 21, 2025 5:59 am
Forum: Commercial
Topic: Critical Veeam Backup Flaws Allow Remote Code Execution
Replies: 0
Views: 128

Critical Veeam Backup Flaws Allow Remote Code Execution

Veeam has released Patch 12.3.2.4165 for Backup & Replication, resolving three significant security flaws that could expose organizations to remote code execution and privilege escalation risks.

Published on October 14, 2025, the update addresses two critical CVE-2025-48983 and CVE-2025-48984 ...
by Shane1145
Tue Oct 21, 2025 5:57 am
Forum: Desktop Applications
Topic: Chrome ‘Use-After-Free’ Flaw Enables Arbitrary Code Execution
Replies: 0
Views: 140

Chrome ‘Use-After-Free’ Flaw Enables Arbitrary Code Execution

Google has begun rolling out the latest Stable channel update for Chrome desktop users, advancing the browser to version 141.0.7390.107/.108 on Windows and macOS, and 141.0.7390.107 on Linux.

This release, announced on October 14, 2025, introduces performance refinements and bug fixes, but its ...
by Shane1145
Tue Oct 21, 2025 5:56 am
Forum: Web Applications
Topic: Critical Apache ActiveMQ Flaw Enables Remote Code Execution
Replies: 0
Views: 103

Critical Apache ActiveMQ Flaw Enables Remote Code Execution

A newly disclosed vulnerability in the Apache ActiveMQ NMS AMQP Client has sent shockwaves through the messaging middleware community.

Tracked as CVE-2025-54539, this deserialization of untrusted data flaw carries an important severity rating and can allow malicious AMQP servers to execute ...