cve

Security researchers disclose a critical deserialization flaw and two high-severity bugs in the most widely downloaded AI framework on PyPI, with patches now available.

A command injection vulnerability in Broadcom's VMware Aria Operations is under active exploitation, prompting CISA to set a March 24 federal remediation deadline.

A maximum-severity authentication bypass in Cisco Catalyst SD-WAN has been actively exploited since 2023 by a sophisticated threat actor, prompting a CISA emergency directive requiring federal agencies to patch or disconnect affected systems.

PostgreSQL 18.3, 17.9, 16.13, 15.17, and 14.22 fix regressions introduced when patching five CVEs, including a broken substring() function on non-ASCII text and standby servers halting mid-replication.

A CVSS 9.9 command-injection bug in BeyondTrust Remote Support and Privileged Remote Access lets unauthenticated attackers execute OS commands, echoing the zero-days that gave Chinese state hackers access to the U.S. Treasury in 2024.