ZDI-25-295: Trend Micro Apex Central widget getObjWGFServiceApiByApiName Local File Inclusion Remote Code Execution Vulnerability This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required... 21/05/2025 Zero-Day Initiative
ZDI-25-294: Microsoft PC Manager MSPCManagerService Link Following Local Privilege Escalation Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft PC Manager. An attacker must first obtain... 21/05/2025 Zero-Day Initiative
Mozilla Fixes Two Actively Exploited Zero-day Vulnerabilities in Firefox (CVE-2025-4919 & CVE-2025-4918) Mozilla released a security advisory to address two critical severity vulnerabilities in Firefox. Tracked as CVE-2025-4919 & CVE-2025-4918, the vulnerabilities... 20/05/2025 Qualys-Threat-Protect
Google Releases Fix for Zero-day Vulnerability in Chrome (CVE-2025-4664) Google released a security advisory to address a zero-day vulnerability tracked as CVE-2025-4664. CVE-2025-4664 is an insufficient policy enforcement in... 15/05/2025 Qualys-Threat-Protect
Fortinet Addresses Code Execution Vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder & FortiCamera (CVE-2025-32756) Fortinet released a security advisory to address a critical severity vulnerability impacting FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. Tracked as... 15/05/2025 Qualys-Threat-Protect
Microsoft Patch Tuesday, May 2025 Security Update Review Microsoft’s May 2025 Patch Tuesday rolls out critical security updates, addressing multiple vulnerabilities across Windows, Office, and other key products.... 14/05/2025 Qualys-Threat-Protect
Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2025-25014) Kibana released a security advisory to address a critical severity vulnerability tracked as CVE-2025-25014. Successful exploitation of the prototype pollution vulnerability... 09/05/2025 Qualys-Threat-Protect
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability (CVE-2025-20188) Cisco released a security advisory to address a vulnerability in its IOS XE Wireless Controller that could enable an unauthenticated,... 09/05/2025 Qualys-Threat-Protect
FreeType Out-of-Bounds Write Vulnerability Added to CISA Known Exploited Vulnerabilities Catalog (CVE-2025-27363) Google released its May 2025 security updates for Android, addressing 45 security vulnerabilities. One of the 45 vulnerabilities is an... 07/05/2025 Qualys-Threat-Protect
CISA Warns of Actively Exploited Langflow Remote Code Execution Vulnerability (CVE-2025-3928) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a critical severity vulnerability impacting Langflow, a tool designed... 06/05/2025 Qualys-Threat-Protect