Category: CVE

  • CVE-2026-2316: Insufficient policy enforcement in Frames

    Vulnerability: Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
    CVE: CVE-2026-2316 | CVSSv3: 6.5 Medium | Published date: 11-Feb-2026 | Impact: Google Chrome <145.0.7632.45 | Exploitation: None
    Solution: Update to the latest version of Google Chrome

  • CVE-2025-60021: Apache Remote Code Execution

    Vulnerability: Remote command injection vulnerability in the heap profiler built-in service in Apache bRPC (all versions < 1.15.0) on all platforms allows an attacker to inject remote commands. Root Cause: The bRPC heap profiler built-in service (/pprof/heap) does not validate the user-provided extra_options parameter and executes it as a command-line argument. Attackers can execute remote commands using…

  • CVE-2025-30401: WhatsApp Security Advisory

    Vulnerability: A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment's filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment…

  • CVE-2025-55177: WhatsApp zero-click vulnerability on Apple devices

    Vulnerability: Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability…

  • CVE-2025-55179 WhatsApp security advisory

    Vulnerability: Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild. CVE CVE-2025-55179…

  • CVE-2025-27840 – Espressif ESP32 chips allow 29 hidden HCI commands

    Vulnerability: Impact: Exploitation of these hidden commands could lead to various security risks, including:
    CVE: 2025-27840 | CVSS: 6.8 | Published Date: 8-Mar-2025 | Impacted Devices: IoT devices & Development Boards | Exploit Availability: Yes
    It’s important to clarify that a standard mobile phone itself does not typically contain an ESP32 chip. ESP32 chips are primarily used in: Here’s…

  • CVE-2024-0132: Critical Vulnerability in NVIDIA Container Toolkit

    Overview: A critical security vulnerability has been disclosed in NVIDIA Container Toolkit v1.16.2 and NVIDIA GPU Operator v24.6.2. The critical security flaw, if exploited, could allow threat actors to break out of the confines of a container and gain full access to the host machine.
    CVE: CVE-2024-0132, CVE-2024-0133 | CVSS v3 Highest: 9.0 | Publish Date: 09-Sep-2024 | Impacted…

  • CVE-2024-7969: Multiple vulnerabilities in Google Chrome

    Overview: Multiple vulnerabilities have been reported in Google Chrome, which could allow a remote attacker to cause a Denial of Service (DoS) condition and execute arbitrary code on the targeted system.
    CVE: CVE-2024-7969, CVE-2024-8193, CVE-2024-8194, CVE-2024-8198 | CVSS v3 Highest: 8.8 | Publish Date: 21-Aug-2024 | Impacted Software: <=128.0.6613.113/.114 for Windows, <=128.0.6613.113/.114 for Mac, <=128.0.6613.113 for Linux | Exploit availability: NO as of post date…

  • CVE-2024-3400 PAN-OS: Command Injection Vulnerability in GlobalProtect

    A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by…

  • CVE-2024-38178: Memory Corruption Vulnerability in Microsoft Windows Scripting Engine

    CVE: 2024-38178 | Severity: High | Software Affected: Win 11 – 24H2, 21H2, 22H2, 22H3, 23H2; Win 10 – 1809, 21H2, 22H2, 1507, 1607; Win 2019, 2022, 2016, 2012 R2; Win 2019 (Server Core); Win 2022 23H2 Edition; Win 2016 (Server Core); Win 2012 R2 (Server Core)
    Overview: A memory corruption vulnerability has been reported in Microsoft Windows Scripting Engine which could be exploited…