
Vulnerabilities

Ninja Forms WordPress Plugin Vulnerability (CVE-2026-0740)

A recently disclosed critical vulnerability in the Ninja Forms – File Uploads plugin for WordPress (CVE‑2026‑0740) allows unauthenticated remote attackers to upload arbitrary files, potentially leading to remote code execution and full site compromise. Severity level:- CVSS Score: 9.8/Critical. Description:-  The Ninja Forms – File Uploads plugin for WordPress fails to properly validate uploaded file […]

Zoom Workplace for Windows Vulnerability (CVE-2026-30903)

A recently disclosed vulnerability in Zoom Workplace for Windows (CVE‑2026‑30903) allows unauthenticated remote attackers to escalate privileges by exploiting improper control of file names or paths. Severity level:- CVSS Score: 9.6/Critical. Description:- Zoom Workplace for Windows includes a Mail feature that processes user-supplied file references. In vulnerable versions, this component fails to properly validate […]

Apple Memory Corruption Vulnerability (CVE‑2026‑20700)

A newly disclosed Apple zero‑day vulnerability (CVE‑2026‑20700) allows attackers with memory‑write capabilities to execute arbitrary code on affected devices. Severity level:- CVSS Score: 7.8/high Description:-  CVE‑2026‑20700 is a memory corruption vulnerability affecting Apple’s dyld (Dynamic Link Editor) component. Dyld is responsible for loading dynamic libraries and linking application code within Apple operating systems. Improper state […]

Ingress‑NGINX Configuration Injection Vulnerability (CVE-2026-24512)

A recently discovered vulnerability in the Kubernetes ingress-nginx controller (CVE‑2026‑24512) allows attackers to execute arbitrary code by exploiting improper sanitization of user‑supplied ingress path data. Severity level:- CVSS Score: 8.8/high Description:-  Ingress‑NGINX is a widely used open‑source Kubernetes ingress controller responsible for managing inbound traffic to cluster services. A vulnerability exists in ingress‑nginx where the […]

Notepad++ Vulnerability (CVE-2025-15556)

A recently discovered Notepad++ vulnerability (CVE‑2025‑15556) allows attackers to execute arbitrary code by exploiting insecure update integrity verification. Severity level:- CVSS Score: 7.7/high Description:- Notepad++ is a free and open-source source code editor. A vulnerability exists in Notepad++ versions prior to 8.8.9 involving the WinGUp updater, which fails to cryptographically verify downloaded update metadata and […]

GNU InetUtils telnetd authentication bypass (CVE-2026-24061)

A critical remote authentication bypass vulnerability (CVE-2026-24061) has been disclosed in the GNU InetUtils telnetd server, affecting versions 1.9.3 through 2.7. Severity level:- CVSS Score: 9.8/Critical. Description:- CVE-2026-24061 is an argument injection / authentication-bypass vulnerability in the telnetd component of GNU InetUtils. During Telnet NEW-ENVIRON negotiation, telnetd passes the attacker-controlled USER environment variable directly to […]

CVE-2025-14847 - MongoBleed - Vulnerability Affecting MongoDB

Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. Severity level:- CVSS Score: 8.7/High Description:- CVE-2025-14847, known as MongoBleed, is a heap-memory disclosure vulnerability in MongoDB Server. It arises in the server’s zlib compression handling logic, specifically in how it parses compressed network messages. By […]

PowerShell Remote Code Execution (CVE-2025-54100)

Microsoft has released security updates to address a vulnerability in Windows PowerShell (CVE-2025-54100) that could allow local users to execute arbitrary code when using the Invoke-WebRequest cmdlet. Severity level:- CVSS Score: 7.8/high Description:- CVE-2025-54100 is a command injection vulnerability in Windows PowerShell, specifically affecting the Invoke-WebRequest cmdlet. The flaw occurs because PowerShell automatically parses HTML […]

Remote Code Execution Vulnerability in React and Next.js Frameworks

The React team released a security advisory regarding a critical vulnerability, CVE-2025-55182, in the React server that could allow an unauthenticated, remote attacker to perform remote code execution on an affected device or system. Severity level:- CVSS Score: 10.0 / Critical. Description:- The vulnerability has been identified in React Server Components (also known as React.js […]

Microsoft Windows Kernel Vulnerability (CVE-2025-62215)

Microsoft has released a security update to address a zero-day vulnerability in the Windows Kernel (CVE-2025-62215) that could allow attackers to escalate privileges to System level. Severity level:- CVSS Score: 7.0 /High. Description:- Windows Kernel is the core component of the Windows operating system responsible for managing system resources and hardware interactions. CVE-2025-62215 is a […]