CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
CISA Warns of Oracle’s Identity Manager RCE Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to immediately address a critical security flaw in Oracle Identity Manager following reports of active exploitation. ...
-
Daily CyberSecurity
Code Injection Flaws Threaten NVIDIA’s Isaac-GROOT Robotics Platform
NVIDIA has issued a security update to address two high-severity vulnerabilities in its NVIDIA Isaac-GROOT software. Isaac-GROOT is an open foundation model for generalized humanoid robot reasoning an ...
-
Daily CyberSecurity
vLLM Flaw (CVE-2025-62164) Risks Remote Code Execution via Malicious Prompt Embeddings
A newly disclosed high-severity vulnerability in vLLM—one of the fastest-growing open-source inference engines for large language models—allows attackers to crash servers or potentially execute arbitr ...
-
Daily CyberSecurity
CERT/CC Warns of Unpatched Root-Level Command Injection Flaws in Tenda 4G03 Pro and N300 Routers (CVE-2025-13207, CVE-2024-24481)
The CERT Coordination Center (CERT/CC) has issued a warning about multiple unpatched command injection vulnerabilities affecting Tenda’s 4G03 Pro and N300 series routers. The flaws, which allow attack ...
-
Daily CyberSecurity
Critical ABB Flaw (CVE-2025-10571, CVSS 9.6) Allows Unauthenticated RCE and Admin Takeover on Edgenius
ABB has issued an urgent cybersecurity advisory warning customers of a critical authentication bypass vulnerability in the ABB Ability Edgenius Management Portal. The flaw—tracked as CVE-2025-10571—af ...
-
Daily CyberSecurity
Critical Markdown to PDF Flaw (CVE-2025-65108, CVSS 10.0) Allows RCE via JS Injection in Markdown Front-Matter
A critical vulnerability (CVE-2025-65108) has been disclosed in the widely used Markdown to PDF npm package, a command-line tool with more than 47,000 weekly downloads. The flaw carries a maximum CVSS ...
-
The Register
Weaponized file name flaw makes updating glob an urgent job
Infosec In Brief Researchers have urged users of the glob file pattern matching library to update their installations, after discovery of a years-old remote code execution flaw in the tool's CLI. Glob ...
-
TheCyberThrone
SonicWall SSLVPN Vulnerability CVE-2025-40601
November 23, 2025A critical vulnerability was discovered affecting SonicWall firewalls’ SSLVPN service, identified as CVE-2025-40601. This stack-based buffer overflow flaw allows unauthenticated remot ...
-
CybersecurityNews
Cybersecurity News Weekly Newsletter – Fortinet, Chrome 0-Day Flaws, Cloudflare Outage and Salesforce Gainsight Breach
Welcome to this week’s edition of the Cybersecurity News Weekly Newsletter, where we analyze the critical incidents defining the current threat landscape. If this week has taught us anything, it is th ...
-
CybersecurityNews
Critical Vulnerability in Azure Bastion Let Attackers Bypass Authentication and Escalate privileges
A critical vulnerability in Azure Bastion (CVE-2025-49752) allows remote attackers to bypass authentication mechanisms and escalate privileges to administrative levels. The flaw, categorized as an aut ...