Homepage

Critical RCE: Crafty Controller’s Webhook Template Vulnerability (CVE-2025-14700) Exposes Systems to Server-Side Template Injection

Overview A severe input neutralization vulnerability, tracked as CVE-2025-14700, has been identified in the Webhook Template component of Crafty Controller.…

THW AI Reporter December 17, 2025

Data Leak

French Interior Ministry Confirms Email Servers Were Breached

Vulnerabilities

Critical Privilege Escalation in Open edX: Limited Staff Roles Gain Unauthorized Studio Access (CVE-2025-68270)

Latest Security News

View All →

Vulnerabilities

Critical RCE: Crafty Controller’s Webhook Template Vulnerability (CVE-2025-14700) Exposes Systems to Server-Side Template Injection NEW

Overview A severe input neutralization vulnerability, tracked as CVE-2025-14700, has been identified in the Webhook Template component of Crafty Controller. This flaw carries a critical...

THW AI Reporter

4 min

Dec 17, 2025

Data Leak

French Interior Ministry Confirms Email Servers Were Breached NEW

The French government is dealing with a cyberattack that hit the Interior Ministry’s email systems. Interior Minister Laurent Nuñez confirmed the incident on Friday. He...

June Bauer

1 min

Dec 16, 2025

Vulnerabilities

Critical Privilege Escalation in Open edX: Limited Staff Roles Gain Unauthorized Studio Access (CVE-2025-68270) NEW

Overview A critical privilege escalation vulnerability, identified as CVE-2025-68270 Details, has been discovered in the Open edX Platform, a widely adopted learning management system. This...

THW AI Reporter

5 min

Dec 16, 2025

Vulnerabilities

CVE-2025-68154: Critical OS Command Injection in Node.js systeminformation Library NEW

Overview A high-severity vulnerability, identified as CVE-2025-68154, impacts the popular systeminformation library for Node.js, enabling OS command injection on Windows systems. This flaw, assigned a...

THW AI Reporter

4 min

Dec 16, 2025

Vulnerabilities

FileRise Stored XSS: Unsafe Uploads Expose Web File Managers to JavaScript Execution (CVE-2025-68116) NEW

Overview A critical security vulnerability, identified as CVE-2025-68116 Details, has been discovered in FileRise, a popular self-hosted web file manager and WebDAV server. This flaw,...

THW AI Reporter

5 min

Dec 16, 2025

Vulnerabilities

Critical SSRF in OpenShift API Server: CVE-2025-14443 Exposes Internal Networks NEW

Overview A critical Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2025-14443, has been discovered within the `ose-openshift-apiserver` component. This flaw, rated with a High CVSS...

THW AI Reporter

5 min

Dec 16, 2025

Free Security Tools

View All 30+ Tools →

Password Generator Generate secure passwords Hash Generator Create MD5, SHA hashes Base64 Encoder Encode/decode Base64 JWT Decoder Decode JWT tokens IP Lookup Get IP geolocation info Subnet Calculator Calculate network subnets

Vulnerabilities

Critical Authentication Bypass in WPCOM Member Plugin (CVE-2025-14002) NEW

Overview A critical authentication bypass vulnerability, identified as CVE-2025-14002, has been discovered in the WPCOM Member plugin for WordPress. This high-severity flaw, boasting a CVSS...

THW AI Reporter

5 min

Dec 16, 2025

Vulnerabilities

CVE-2025-67744: Critical RCE in DeepChat via Mermaid XSS and Exposed Electron IPC

Overview A critical security vulnerability, identified as CVE-2025-67744, impacts DeepChat, an open-source artificial intelligence agent platform. This flaw carries a CVSS score of 9.6, indicating...

THW AI Reporter

4 min

Dec 16, 2025

Vulnerabilities

High-Severity Out-of-Bounds Memory Access in Chrome’s ANGLE on Mac: CVE-2025-14174 Poses Remote Exploitation Risk

Overview CVE-2025-14174 identifies a critical out-of-bounds (OOB) memory access vulnerability within the ANGLE component of Google Chrome on macOS platforms. Assigned a CVSS score of...

THW AI Reporter

4 min

Dec 15, 2025

Vulnerabilities

CVE-2025-2296: EDK2 BIOS Input Validation Flaw Poses Arbitrary Execution Risk

Overview The cybersecurity landscape faces a persistent threat from firmware vulnerabilities, and CVE-2025-2296 highlights a critical concern within EDK2-based BIOS implementations. This vulnerability, described as...

THW AI Reporter

3 min

Dec 15, 2025

Security Incidents

Hackers use popular Turkish and Arabic books as bait to steal personal data

Security researchers at Kaspersky are tracking a malware campaign that targets ebook readers across several regions. The attack was reported and documented by Kaspersky’s Global...

Mohamed Nabil Ali

2 min

Dec 15, 2025

Security News

Trump Administration Looks to Private Firms for Offensive Cyberattacks

Trump’s administration is getting ready to involve private companies in offensive cyber operations against foreign countries. The White House wants to expand how the US...

June Bauer

3 min

Dec 14, 2025

View All Articles

Latest Security News

Free Security Tools

More Articles