Vulnerability Cyber Security News.
Vulnerability Archives – Cyber Security News World’s #1 Premier Cybersecurity & Hacking News Portal
- Brave Browser Vulnerability Lets a Malicious Website Mimic a Legitimate One, by Guru Baran on January 21, 2025 at 1:51 pm
A recently identified vulnerability in the Brave browser has raised significant security concerns for its users. The issue, tracked as CVE-2025-23086, affects desktop versions of Brave from 1.70.x to 1.73.x. It involves a flaw in how the browser displays the origin of a site in the file selector dialog during file upload or download prompts. The post Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One appeared first on Cyber Security News.
- Apache CXF Vulnerability Lets Attackers Push Systems into a DoS Condition, by Guru Baran on January 21, 2025 at 1:37 pm
A critical vulnerability has been identified in Apache CXF, a widely used open-source framework for web services. This flaw, tracked as CVE-2025-23184, allows attackers to exploit the CachedOutputStream class, potentially causing a Denial of Service (DoS) by overwhelming system resources. The issue is officially tracked by Apache with the identifier CXF-7396. The issue stems from
- Debian LDAP Server Vulnerabilities Allow Attackers to Authenticate as Users, by Balaji N on January 21, 2025 at 11:17 am
The Debian Long Term Support (LTS) team has released a security update for the 389-ds-base LDAP server, addressing several critical vulnerabilities. Notably, an LDAP vulnerability, CVE-2021-3652, affecting version 1.4.4.11-2 of the package, has now been resolved in the updated release for Debian 11 “Bullseye” (version 1.4.4.11-2+deb11u1). Users are strongly encouraged to update their systems promptly.
- Windows BitLocker Vulnerability (CVE-2025-21210) Exploited in Randomization Attack, by Kaaviya Ragupathy on January 21, 2025 at 11:13 am
A critical vulnerability in Windows BitLocker, identified as CVE-2025-21210, has exposed the encryption mechanism to a novel randomization attack targeting the AES-XTS encryption mode. This vulnerability allows attackers with physical access to manipulate ciphertext blocks, causing sensitive data to be written to disk in plaintext. The flaw underscores the evolving sophistication of attacks against full-disk
- OpenVPN Easy-RSA Vulnerability Enables Brute-Force of Private CA Key, by Kaaviya Ragupathy on January 21, 2025 at 9:28 am
A critical vulnerability (CVE-2024-13454) has been identified in Easy-RSA versions 3.0.5 through 3.1.7 when used with OpenSSL 3. This flaw allows private Certificate Authority (CA) keys to be encrypted using the outdated and weak cipher DES-EDE3-CBC (commonly referred to as 3DES), making them susceptible to brute-force attacks. Easy-RSA, a utility for managing Public Key Infrastructure
- Mercedes-Benz User Experience Systems Exploited to Gain Remote Access, by Kaaviya Ragupathy on January 21, 2025 at 7:41 am
Cybersecurity researchers have identified significant vulnerabilities within the Mercedes-Benz User Experience (MBUX) infotainment system, leading to unauthorized remote access capabilities. The MBUX system serves as the sophisticated infotainment backbone for various models, including the A-Class, E-Class, GLE, GLS, and EQC. MBUX integrates advanced features such as voice recognition, augmented reality navigation, and
- TP-Link Router Buffer Overflow Vulnerability Exploited to Execute Code, by Kaaviya Ragupathy on January 21, 2025 at 7:34 am
A critical buffer overflow vulnerability, identified as CVE-2024-54887, has been discovered in TP-Link TL-WR940N routers, specifically affecting hardware versions 3 and 4 with firmware version 3.16.9 and earlier. This flaw allows authenticated attackers to execute arbitrary code remotely, posing a significant security risk to users. The root cause appears to be a buffer overflow in
- Vim Command-Line Text Editor Vulnerability Triggers Potential Crash, by Anupriya on January 21, 2025 at 6:39 am
A segmentation fault vulnerability has been identified in the popular command-line text editor Vim, affecting versions before 9.1.1043. This flaw, CVE-2025-24014, exposes users to a potential crash when operating Vim in silent Ex mode (-s -e) under specific conditions. The vulnerability arises from improper handling of binary characters, leading to an out-of-bounds write. Vim
- Windows Common Log File System Zero-Day Vulnerability (CVE-2024-49138) Exploited, by Guru Baran on January 20, 2025 at 6:28 am
A zero-day vulnerability has been identified in the Windows Common Log File System (CLFS) driver, designated as CVE-2024-49138. This critical flaw, identified by CrowdStrike’s Advanced Research Team, allows attackers to escalate privileges to SYSTEM level without requiring user interaction, posing significant risks to Windows systems, particularly those running the latest Windows 11 (23H2) version. The Cybersecurity and Infrastructure
- CISA Warns of Aviatrix Controllers OS Command Injection Vulnerability Exploited in the Wild, by Tushar Subhra Dutta on January 17, 2025 at 12:24 pm
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Aviatrix Controllers to its Known Exploited Vulnerabilities Catalog. The flaw, identified as CVE-2024-50603, has been assigned the maximum CVSS score of 10.0, indicating its severe nature and potential for widespread impact. The vulnerability, an OS command injection flaw, allows unauthenticated attackers to