Security news aggregator

Latest coverage for CVE

Stay informed on the latest CVE entries. Explore critical vulnerabilities and exposures to safeguard your systems from cyber threats and attacks.

10 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

CVE is a global system of standardized identifiers for publicly known cybersecurity vulnerabilities. Each record, typically written as CVE-YYYY-NNNN, gives a vulnerability a stable reference and usually includes a description, affected products or versions, and links to advisories or fixes. The CVE Program coordinates the assignment and publication of records through authorized organizations, allowing researchers, vendors, security tools, and defenders to discuss the same flaw without relying on different names.

Practitioners use CVE identifiers to match vulnerabilities across asset inventories, scanners, patch advisories, and threat-intelligence reports. A CVE is an identity, not a severity score or proof that a system is exploitable: prioritization should also consider the affected configuration, exposure, available mitigations, exploit activity, and business impact. Delays in identifying vulnerable versions can leave internet-facing services or embedded components exposed, while incomplete product-to-CVE mapping can cause missed remediation. Security teams should verify the affected versions and vendor guidance before patching or applying workarounds.

Showing 10 most recent headlines Filtered view

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution.  The flaws, per watchTowr Labs, are listed below - CVE-2025-53693 - HTML cache poisoning through unsafe reflections CVE-2025-53691 - Remote code execution (RCE) through insecure deserialization CVE-2025-53694 -

Bank Info Security 10 months, 2 weeks ago

Chinese Telecom Hackers Strike Worldwide

US and Allies Warn About Persistent and Long Term Access to Network EquipmentThe Chinese hackers responsible for breaking into telecom networks across the globe capitalize on already documented vulnerabilities, principally in Cisco routing equipment, warn a slew of national cybersecurity agencies. Hackers use publicly known vulnerabilities with CVE designations.

Bank Info Security 10 months, 3 weeks ago

Citrix NetScaler Devices Yet Again Under Attack

Citrix Publishes Patches After Attackers Exploit Memory Overflow VulnerabilityNetScaler customers of virtualization giant Citrix once again should patch immediately to stymie the hackers exploiting a zero-day. Citrix warned Tuesday that hackers are using a memory overflow vulnerability now tracked as CVE-2025-7775. The vulnerability carries a CVSS score of 9.2.