Software Vulnerabilities RSS Feeds

Directory0 software vulnerabilities feeds · 18 articlesShow all languages →

Latest

Software Vulnerabilities articles

Critical Remote Code Execution Vulnerability Discovered in Widely Used protobuf.js Library

A critical remote code execution vulnerability has been discovered in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers with nearly 50 million weekly downloads. Proof-of-concept exploit code has been published, making the flaw actively exploitable.

Newstechnologycybersecurityprogramming

bleepingcomputer.com·Hacker News: Front Page·1mo ago·3 min read

Security Vulnerability in iTerm2: 'cat readme.txt' Command Can Enable Arbitrary Code Execution

Insighttechnologycybersecurityprogramming

blog.calif.io1mo ago

Windows Defender Vulnerability Allows Malicious File Persistence Through Cloud Tag Detection

Codetechnologycybersecurityprogramming

github.com1mo ago

macOS Privacy & Security Settings Can Be Misleading About Folder Access

Insighttechnologysecuritysoftware vulnerabilities

eclecticlight.co1mo ago

PHP 8 Sandbox Escape Exploit: Use-After-Free Vulnerability Bypasses disable_functions

Codetechnologycybersecurityprogramming

github.com2mo ago

Roundcube Webmail Vulnerability Allows Email Tracking Despite Image Blocking

Newstechnologycybersecurityprogramming

nullcathedral.com3mo ago

OpenSSL Vulnerability CVE-2025-15467: Stack Overflow with Remote Code Execution Risk

Insighttechnologysecuritycybersecurity

research.jfrog.com4mo ago

Security Vulnerability in Claude Cowork Enables File Exfiltration via Prompt Injection

The article reveals a security vulnerability in Anthropic's Claude Cowork feature, demonstrating how it can be exploited for file exfiltration attacks through indirect prompt injection. The vulnerability stems from unresolved isolation flaws in Claude's code execution environment

Insighttechnologysecurityai safety

promptarmor.com·Hacker News: Front Page·4mo ago·6 min read

Notion AI Vulnerability Enables Data Exfiltration Through Prompt Injection Attacks

Notion AI has a security vulnerability that allows data exfiltration through indirect prompt injection attacks. The vulnerability occurs because AI document edits are saved before user approval, enabling attackers to embed malicious prompts in documents like resumes or web pages

Insighttechnologysecuritycybersecurity

promptarmor.com·Hacker News: Front Page·4mo ago·5 min read

Memory Disclosure Vulnerability Discovered in Ruby 4.0.0's Array#pack Method

A security researcher discovered a memory disclosure vulnerability in Ruby 4.0.0's Array#pack method that allows reading memory beyond allocated string buffers. The vulnerability, found in Ruby MRI (the canonical implementation), enables out-of-bounds memory access but has limite

Insighttechnologysecurityprogramming

nastystereo.com·Hacker News: Front Page·4mo ago·3 min read

Security Researchers Discover RCE Chain in PostHog Analytics Platform Through SSRF, ClickHouse Zero-Day, and Default PostgreSQL Credentials

Insighttechnologysecuritycybersecurity

mdisec.com5mo ago

First CVE Vulnerability Discovered in Linux Kernel's Rust Code

Newstechnologyprogramminglinux security

phoronix.com5mo ago

Critical RCE Vulnerability in React Server Components Affects React 19.x and Next.js 15.x/16.x

Codetechnologycybersecurityprogramming

github.com5mo ago

Critical Vulnerability in GoSign Desktop Allows Remote Code Execution via Insecure Updates

Security researcher Pasquale 'sid' Fiorillo discovered a critical vulnerability in GoSign Desktop software (version <= 2.4.0) that allows remote code execution through insecure update mechanisms and TLS bypass. The vulnerability exploits disabled TLS certificate verification when a proxy is configured, combined with unsigned update manifests. The vendor, Tin

Newstechnologysecuritycybersecurity

ush.it6mo ago

Critical Chromium Browser Vulnerability: DoS Attack via document.title API Exploitation

Codetechnologycybersecurityprogramming

github.com7mo ago

ASP.NET Core HTTP Request/Response Smuggling Vulnerability (CVE-2025-55315)

Newstechnologycybersecurityprogramming

nvd.nist.gov7mo ago

Critical Redis Vulnerability (CVE-2025-49844) Allows Remote Code Execution with Maximum CVSS Score

Wiz Research has discovered a critical remote code execution vulnerability (CVE-2025-49844, nicknamed #RediShell) in Redis, the widely used in-memory data structure store. The vulnerability has a maximum CVSS score of 10.0 and stems from a 13-year-old Use-After-Free memory corrup

Newstechnologysecuritycybersecurity

wiz.io·Hacker News: Front Page·7mo ago·5 min read

Critical Buffer Overflow Vulnerability Discovered in cURL Cookie Parsing Mechanism

Newstechnologysecuritycybersecurity

hackerone.com8mo ago