The critical vulnerability allows attacks to escape the in-memory data store’s Lua sandbox and subsequently execute arbitrary ...

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform ...

Unity Technologies has released a patch to fix a security vulnerability that could have allowed malicious code execution in ...

A project known as RoboPAIR demonstrated that carefully crafted prompts can coerce robot controllers, including the Unitree ...

A vulnerability in the popular gaming and application editor Unity can allow attackers to load arbitrary libraries and ...

Three vulnerabilities have been patched in OpenSSL, including one that allows an attacker to recover the private key.

CERT-In issues high-severity alerts for Microsoft products and Google Chrome vulnerabilities, warning of remote code ...

Microsoft links Storm-1175 to GoAnywhere flaw CVE-2025-10035, exploited since September for Medusa ransomware.

Unity fixed a security flaw in its gaming engine that allowed malicious apps to hijack permissions and target mobile crypto ...

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to ...

Security boffins say the Clop cybercriminal gang has been rummaging through Oracle's E-Business Suite (EBS) for months – and ...

CVEs & Vulnerabilities of September 2025 reveal a wave of high-impact flaws that security teams cannot afford to ignore. From unauthenticated exploits in FreePBX to privilege escalation in Android and ...