SecurityVulnerability.io

Collecting, Enriching, and Displaying Cyber Security Vulnerabilities

Trending Vulnerabilities

If it's trending, then it's probably important. Patch quicker!

Sandbox Escape Vulnerability in Firefox for Windows

CVE-2025-2857
Mozilla | Firefox | 👾 | 10 CRITICAL

Ingress-nginx Configuration Vulnerability in Kubernetes

CVE-2025-1097
Kubernetes | Ingress-nginx | 👾🟡 | 8.8 HIGH

Unauthenticated Access Vulnerability in CrushFTP by CrushFTP, Inc.

CVE-2025-2825
Crushftp | Crushftp | 💰👾🟡 | 9.8 CRITICAL

Deserialization of Untrusted Data Vulnerability in Sitecore CMS and XP

CVE-2019-9874
Sitecore | Experience P... | 👾 | 9.8 CRITICAL

Sandbox Escape Vulnerability in Mojo of Google Chrome

CVE-2025-2783
Google | Chrome | 💰👾 | 8.3 HIGH

Security Feature Bypass in Microsoft Management Console

CVE-2025-26633
Microsoft | Windows 10 V... | 💰👾 | 7 HIGH

Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure

CVE-2025-0282
Ivanti | Connect Secure | 💰👾🟡🟣 | 9 CRITICAL

Vite Frontend Development Tool Susceptible to File Access Vulnerability

CVE-2025-30208
Vite | Vite | 👾🟡

Remote Code Execution and Information Disclosure Vulnerability in Apache Tomcat Software

CVE-2025-24813
Apache | Apache Tomcat | 👾🟡🟣 | 9.8 CRITICAL

Trending Cyber News

Read about it, before you get ransomware!

@derspiegel

Pete Hegseth, Mike Waltz, Tulsi Gabbard: Private Data and Passwords of Senior U.S. Security Officials Found Online

Donald Trump's most important security advisers used Signal to discuss an imminent military strike. Now, reporting by DER SPIEGEL has found that the contact data of some of those officials, including mobile phone numbers, is freely accessible on the internet.

CyberScoop

Trump issues executive order seeking greater federal control of elections 

The order seeks to withhold federal funding from states that don’t comply, sparking a heated backlash from legal and election experts.

WIRED

Cybersecurity Professor Mysteriously Disappears as FBI Raids His Homes

Xiaofeng Wang, a longtime computer science professor at Indiana University, has disappeared along with his wife, and their profiles on the school's website were wiped ahead of recent FBI raids.

BleepingComputer

Oracle Health breach compromises patient data at US hospitals

A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers.

TNGlobal

Singapore's new Shared Responsibility Framework compels banks & telcos to prevent phishing scams - TNGlobal

Under the SRF, financial institutions and telcos are required to implement a number of safeguards to protect and monitor fraudulent activities, as well as scam filtering tools and real-time alerts to warn consumers.

Cardinal News

I drove 300 miles in rural Virginia, then asked police to send me their public surveillance footage of my car. Here's what I learned.

Two police officers walked into a doughnut shop.  It’s not the opening line of a joke; it’s what I saw as I was working on an early draft of this story in March at the Staunton Dunkin’, about a quarter mile...

BleepingComputer

Oracle customers confirm data stolen in alleged cloud breach is valid

Despite Oracle denying a breach of its Oracle Cloud federated SSO login servers and the theft of account data for 6 million people, BleepingComputer has confirmed with multiple companies that associated data samples shared by the threat actor are valid.

CyberScoop

Trump’s ‘preparedness’ executive order would shift cyber defense burden where it doesn’t belong, experts say

Many cyber experts are panning a new Trump administration executive order that would shift more responsibilities for responding to cyberattacks to state and local governments.

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp

Water Gamayun exploited CVE-2025-26633 to deploy SilentPrism, DarkWisp, and stealers with persistence.

Apache Tomcat: CVE-2025-24813: Active Exploitation

Learn about CVE-2025-24813 affecting Apache Tomcat products. Patch now to prevent remote code execution.