SecurityVulnerability.io
Collecting, Enriching,
and Displaying
Cyber Security Vulnerabilities
Trending
Vulnerabilities
If it's trending, then it's probably important. Patch quicker!
Sandbox Escape Vulnerability in Firefox for Windows
CVE-2025-2857
MozillaFirefox👾10CRITICAL
Unauthenticated Access Vulnerability in CrushFTP by CrushFTP, Inc.
CVE-2025-2825
CrushftpCrushftp💰👾🟡9.8CRITICAL
Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure
CVE-2025-0282
IvantiConnect Secure💰👾🟡🟣9CRITICAL
Remote Code Execution and Information Disclosure Vulnerability in Apache Tomcat Software
CVE-2025-24813
ApacheApache Tomcat👾🟡🟣9.8CRITICAL
Path Traversal Vulnerability in reggie 1.0 by 1902756969
CVE-2025-0401
1902756969👾🟡
Authorization Bypass in Next.js Framework by Vercel
CVE-2025-29927
VercelNext.js👾🟡🟣9.1CRITICAL
Sandbox Escape Vulnerability in Mojo of Google Chrome
CVE-2025-2783
GoogleChrome💰👾8.3HIGH
Local File Inclusion Vulnerability in Kubio AI Page Builder for WordPress
CVE-2025-2294
ExtendthemesKubio Ai Pag...👾9.8CRITICAL
URL Spoofing Vulnerability in React Router and Remix by Remix Run
CVE-2025-31137
Remix-runReact-router👾7.5HIGH
Get Notified When
SecurityVulnerability.io
Launches Alerting 🔔
Well keep you posted 📧
Trending Cyber News
Read about it, before you get ransomware!
@derspiegelPete Hegseth, Mike Waltz, Tulsi Gabbard: Private Data and Passwords of Senior U.S. Security Officials Found Online
Donald Trump's most important security advisers used Signal to discuss an imminent military strike. Now, reporting by DER SPIEGEL has found that the contact data of some of those officials, including mobile phone numbers, is freely accessible on the internet.
CyberScoopTrump issues executive order seeking greater federal control of elections
The order seeks to withhold federal funding from states that don’t comply, sparking a heated backlash from legal and election experts.
Cybersecurity Professor Mysteriously Disappears as FBI Raids His Homes
Xiaofeng Wang, a longtime computer science professor at Indiana University, has disappeared along with his wife, and their profiles on the school's website were wiped ahead of recent FBI raids.
Oracle Health breach compromises patient data at US hospitals
A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.
TNGlobalSingapore's new Shared Responsibility Framework compels banks & telcos to prevent phishing scams - TNGlobal
Under the SRF, financial institutions and telcos are required to implement a number of safeguards to protect and monitor fraudulent activities, as well as scam filtering tools and real-time alerts to warn consumers.
Industrial CyberMarlink Cyber debuts with expanded capabilities to tackle growing cybersecurity, compliance demands
Marlink, vendor of managed services for business-critical IT solutions, announced the creation of Marlink Cyber, a cybersecurity company to address the growth of cyber threats and the increasing need for...
Cardinal NewsI drove 300 miles in rural Virginia, then asked police to send me their public surveillance footage of my car. Here's what I learned.
Two police officers walked into a doughnut shop. It’s not the opening line of a joke; it’s what I saw as I was working on an early draft of this story in March at the Staunton Dunkin’, about a quarter mile...
Oracle customers confirm data stolen in alleged cloud breach is valid
Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.
CyberScoopTrump’s ‘preparedness’ executive order would shift cyber defense burden where it doesn’t belong, experts say
Many cyber experts are panning a new Trump administration executive order that would shift more responsibilities for responding to cyberattacks to state and local governments.
CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability
Shadowserver has started seeing exploitation attempts aimed at a CrushFTP vulnerability tracked as CVE-2025-2825 and CVE-2025-31161.
The Blog
Advice from the first line...