The Hacker News

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Vendors fix critical flaws across Fortinet, Ivanti, and SAP to prevent authentication bypass and remote code execution.
SecurityWeek

Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Microsoft has released patches for 57 vulnerabilities, including a Windows zero-day flaw exploited in attacks.
Dark Reading

Microsoft Fixes Exploited Zero Day in Light Patch Tuesday

The actively exploited zero-day bug — and the one therefore that needs high-priority attention — is CVE-2025-62221, which ...
The Hacker News

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Critical XXE flaw CVE-2025-66516 affects multiple Apache Tika modules, exposing systems and requiring urgent updates.

Three critical vulnerabilities patched by SAP - here's what we know

The most critical bug fixed this time is a code injection vulnerability discovered in SAP Solution Manager ST 720, a specific ...
Dark Reading

Apache Issues Max-Severity Tika CVE After Patch Miss

The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting ...
Infosecurity-magazine.com

Navigating the Vulnerability Maze: Understanding CVE, CWE, and CVSS

The Forum of Incident Response and Security Teams (FIRST) officially launched the fourth version of the Common Vulnerability Scoring System (CVSS 4.0), in November 2023. CVSS 4.0, the industry ...
Infosecurity-magazine.com

Microsoft Assigns CVE to PrintNightmare but No CVSS Score

The zero-day vulnerability known as PrintNightmare now has an official CVE listing, but Microsoft is still investigating the severity of the bug. The public disclosure of the flaw came about in a ...