Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

GHSA-cgfj-hj93-rmh2: Shopware allows Denial Of Service via password length

### Impact It's possible to pass long passwords that leads to Denial Of Service via forms in Storefront forms or Store-API. ### Patches Update to Shopware 6.6.10.3 or 6.5.8.17 ### Workarounds For older versions of 6.4, corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.

ghsa
Open in Source
#vulnerability#dos#auth
Google fixes two actively exploited zero-day vulnerabilities in Android

Google has issued patches for 62 vulnerabilities in Android, including two actively exploited zero-days.

Year in Review: Key vulnerabilities, tools, and shifts in attacker email tactics

From Talos' 2024 Year in Review, here are some findings from the top targeted network device vulnerabilities. We also explore how threat actors are moving away from time sensitive lures in their emails. And finally we reveal the tools that adversaries most heavily utilized last year.

Online Gaming Risks and How to Avoid Them

Online gaming has become an integral part of modern entertainment, with millions of players connecting from all over…

CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation

A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged of active exploitation in the wild. The vulnerability is a case of authentication bypass that could permit an unauthenticated attacker to take over susceptible instances. It has

CVE-2025-29819: Windows Admin Center in Azure Portal Information Disclosure Vulnerability

**What type of information could be disclosed by this vulnerability?** The type of information that could be disclosed if an attacker successfully exploited this vulnerability includes unauthorized read-only access to the local file system.

CVE-2025-24060: Microsoft DWM Core Library Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.