288 matches found
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2008-4250 Microsoft Windows Buffer Overflow Vulnerability; CVE-2009-1537 Microsoft DirectX NULL Byte Overwrite Vulnerability...
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one i...
Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited
Microsoft on Tuesday rolled out its first security update for 2026, addressing 114 security flaws, including one vulnerability that it said has been actively exploited in the wild. Of the 114 flaws, eight are rated Critical, and 106 are rated Important in severity. As many as 58 vulnerabilities...
Google patches 107 Android flaws, including two being actively exploited
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified of all issues at least a month...
PT-2025-48372
Actively exploited CVE: CVE-2025-20833...
PT-2025-45578
Name of the Vulnerable Software and Affected Versions: QNAP versions prior to 5.2.7.3297 build 20251024; QuTS hero versions prior to h5.2.7.3297 build 20251024; QuTS hero versions prior to h5.3.1.3292 build 20251024. Description: The software contains an improper neutralization of argument delimiters ...
EUVD-2021-17927
Malware in sbrugna...
EUVD-2023-27629
Malicious code in bioql PyPI...
EUVD-2023-31912
Malicious code in bioql PyPI...
PT-2025-39523
Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions 15.0 through 38.0. Description: The Pexip Infinity software contains an issue with Improper Access Control in the Secure Scheduler for Exchange service when used with Office 365 Legacy Exchange Tokens. This allows a remot...
Update your Chrome today: Google patches 4 vulnerabilities including one zero-day
Google has released an update for its Chrome browser to patch four security vulnerabilities, including one zero-day. A zero-day vulnerability refers to a bug that has been found and exploited by cybercriminals before the vendor even knew about it; they have "zero days" to fix it. This update is...
PT-2025-37004
Actively exploited CVE: CVE-2024-01987...
Vulnerabilities fixed in N-able N-Central
N-able has fixed vulnerabilities in N-Central. The vulnerabilities include insecure deserialization that poses the risk of command execution, and command injection that stems from improper sanitization of user input. An attacker could exploit these vulnerabilities to execute unauthorized commands...
PT-2025-33075
Name of the Vulnerable Software and Affected Versions: N-able N-Central versions prior to 2025.3.1; N-able N-Central versions prior to 2024.6 Hotfix 2. Description: A deserialization of untrusted data issue exists in N-able N-Central, potentially allowing for local execution of code. This...
webkitgtk: Arbitrary Remote Code Execution
A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution. This vulnerability is known to be actively exploited in the wild and was included in CISA's KEV catalog...
webkitgtk: type confusion may lead to arbitrary code execution
A flaw was found in WebKitGTK. Processing malicious web content may lead to remote code execution due to a type confusion issue. This vulnerability is known to be actively exploited in the wild and was included in CISA's KEV catalog...
PT-2025-25458
Name of the Vulnerable Software and Affected Versions: Display Virtualization for Windows OS versions prior to 1797. Description: An uncontrolled search path issue exists in some Display Virtualization for Windows OS software. This may allow an unprivileged software adversary with an authenticated...
PT-2025-25189 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is being actively exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
Google fixes another actively exploited vulnerability in Chrome, so update now!
Google has released an update for the Chrome browser to patch an actively exploited flaw. The update brings the Stable channel to versions 137.0.7151.68/.69 for Windows and Mac and 137.0.7151.68 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up...
CVE-2023-41991
A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7...