
Blog Series
Flaw

Trellix fixes 62,000 open-source projects...
According to the Trellix research team, they patched nearly 62,000 open-source projects that were vulnerable to a 15-year-old path traversal vulnerability in the Python programming ecosystem. The organization stated that...
Researchers release exploit for Microsoft...
Akamai researchers have published a proof-of-concept (PoC) for a vulnerability in a Microsoft tool that enables the Windows application development interface to deal with cryptography. The vulnerability, CVE-2022-34689, was discovered...
Attackers actively exploit Unpatched Control...
Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in unpatched versions of the Control Web Panel, a popular free, closed-source web-hosting interface. The vulnerability allows remote code execution without...
High-severity flaw allows attackers...
According to ARMO researchers, the Kyverno admission controller for container images has a high-severity security vulnerability. Using a malicious image repository or MITM proxy, the bug (CVE-2022-47633) can be exploited...
CISA warns of TIBCO software’s...
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added two-year-old security flaws, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), affecting the TIBCO Software JasperReports...
Eufy’s camera stream URLs offer...
Eufy denies claims that its cameras can be live streamed without encryption. Eufy stated that it does not upload identifiable footage to the cloud from its camera streams using VLC...
Trio of new flaws exploited...
Vedere Labs researchers recently discovered three new security flaws in a long list of flaws collectively tracked as OT:ICEFALL. The flaws are said to affect operational technology (OT) products from...
OpenSSL vulnerability feared as “critical”...
The long-awaited OpenSSL fixes for a critical-severity security hole are now available. New OpenSSL patches have reduced the severity of the bug from critical to high. The...
The Bugs Behind the Vulnerabilities...
We continue to look at the code issues that cause the vulnerabilities impacting the IT world. In this installment of our five-part blog series exploring these bugs, we go through...
Cranefly hackers exploit Microsoft IIS...
Microsoft Internet Information Services (IIS), a web server that enables hosting of websites and web applications, is being exploited by the Cranefly hacking group to deploy and control malware on...
Experts warn of potential critical...
Major operating system vendors, software publishers, email providers and technology companies that integrate OpenSSL into their products have been asked to prepare for a possible “critical” vulnerability in versions 3.0...