Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2025-26629: Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#rce#auth#Microsoft Office#Security Vulnerability
CVE-2025-24045: Windows Remote Desktop Services Remote Code Execution Vulnerability

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

CVE-2025-25008: Windows Server Elevation of Privilege Vulnerability

Improper Link Resolution Before File Access ('Link Following') in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally.

CVE-2025-24986: Azure Promptflow Remote Code Execution Vulnerability

Improper isolation or compartmentalization in Azure PromptFlow allows an unauthorized attacker to execute code over a network.

Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches

Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. "Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their

Introducing Red Hat OpenShift Service Mesh 3.0

We are thrilled to announce the general availability of Red Hat OpenShift Service Mesh 3.0. OpenShift Service Mesh is based on the Istio, Envoy and Kiali projects, and is included with the Red Hat OpenShift Container Platform and Red Hat OpenShift Platform Plus. This article provides an overview of Red Hat OpenShift Service Mesh 3.0, including information for existing OpenShift Service Mesh users on how to migrate.OpenShift Service Mesh 3.0 is based on Istio 1.24 and Kiali 2.4. This release is a major update, using a new operator based on the community sail-operator for managing Istio and depl

GHSA-9m63-33q3-xq5x: Vela Server Has Insufficient Webhook Payload Data Verification

### Impact Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit. Any user with access to the CI instance and the linked source control manager can perform the exploit. ### Method By spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. ### Patches `v0.26.3` — Image: `target/vela-server:v0.26.3` `v0.25.3` — Image: `target/vela-server:v0.25.3` ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ There are no workarounds to the issue. ### References _Are there any links users can visit to find out more?_ Please see linked CWEs (common weakness enumerators) for more information.

Cloud IMS: The Confluence of Innovation and Security in Modern Telecommunications

The telecom industry is at a major turning point. With 5G, IoT, and AI reshaping global connectivity, the…