Bug Bounty

ewlett Packard Enterprise (HPE) this week announced patches for a critical-severity remote code execution vulnerability in its OneView IT infrastructure management software.

Tracked as CVE-2025-37164 (CVSS score of 10), the security defect can be exploited without authentication, the company notes ...

A critical race condition vulnerability in the Linux kernel’s POSIX CPU timers has been exposed through a detailed proof-of-concept, one of the most sophisticated kernel exploits targeting Android devices.

CVE-2025-38352 represents a use-after-free (UAF) vulnerability in the Linux kernel’s POSIX ...

A critical firmware vulnerability affecting motherboards from major manufacturers including Gigabyte, MSI, ASRock, and ASUS has been discovered by Riot Games’ Vanguard anti-cheat team.

The vulnerability, dubbed “Sleeping Bouncer,” allows sophisticated hardware-based cheats to inject malicious code ...

Security researchers from the Whitehat School recently completed an intensive bug-hunting project focused on identifying privilege escalation (LPE) flaws in Windows systems.

The findings reveal critical vulnerabilities in two major attack surfaces: kernel drivers and named pipes areas that ...

Security researchers have disclosed critical vulnerabilities in Airoha-based Bluetooth headphones that enable attackers to compromise connected smartphones through chained exploits.

The three vulnerabilities CVE-2025-20700, CVE-2025-20701, and CVE-2025-20702 affect dozens of popular headphone ...

CISA warned today that two Android zero-day vulnerabilities are under active attack, within hours of Google releasing patches for the flaws.

Both are high-severity Android framework vulnerabilities. CVE-2025-48572 is a Privilege Escalation vulnerability, while CVE-2025-48633 is an Information ...

5G attack
India’s telecoms ministry on Wednesday rolled back its order for smartphone manufacturers to preinstall a government-run cybersecurity app on new devices.

The Ministry of Communications on Monday asked smartphone makers to install the government’s “Sanchar Saathi” app within 90 days and ...

The ArcSearch application for iOS, prior to version 1.45.2, is susceptible to an address bar spoofing vulnerability that occurs during iframe-triggered URI-scheme navigation. This flaw may allow an attacker to manipulate the content displayed in the address bar, leading users to believe they are ...

The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability through the thegem_te_search shortcode. This flaw arises from inadequate input sanitization and output escaping of user-supplied attributes, enabling authenticated ...

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316 ...