GCVE has launched as a decentralized approach to tracking software vulnerabilities, in response to the funding difficulties that have raised doubts about the sustainability of the 25-year-old CVE program. CVE identifiers are the common reference point for security professionals worldwide, so any interruption to the program would be felt by vendors, researchers and defenders alike. By removing the dependence on a single central authority, GCVE aims to keep vulnerability tracking reliable and accessible even if that program falters. If it succeeds, it could change how organizations manage and respond to software vulnerabilities and shorten the path from disclosure to patch; as threats continue to evolve, a more resilient tracking system benefits both developers and end users.
Articles tagged "CVE"
Found 111 articles
SCM feed for Latest
Anthropic has addressed several critical vulnerabilities found in their Git MCP server, identified by the AI security startup Cyata. The issues include a path validation bypass (CVE-2025-68145), an unrestricted git_init problem (CVE-2025-68143), and an argument injection vulnerability in git_diff (CVE-2025-68144). These vulnerabilities could potentially allow attackers to manipulate Git operations, which could compromise the integrity of code repositories. It is essential for users of the Git MCP server to apply the latest patches to ensure their systems are secure against these threats, as failure to do so may expose them to exploitation. Users are urged to stay informed about these vulnerabilities and take necessary actions to protect their environments.
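The argument-injection class behind the git_diff finding is easy to reproduce in any wrapper that builds a git command from caller input. The following is an added illustration, not code from Anthropic's Git MCP server or from any library it uses. It shows why `shell=False` is not enough: git itself parses argv, so a caller-supplied "revision" that begins with `-` is read as an option. `git diff --output=<file>` is a real git option that writes the diff to a file instead of stdout; the revision allow-list regex is a hypothetical policy chosen for the example.

```python
"""Argument injection in a git wrapper (added example; not the Git MCP server's code)."""
import re
import subprocess
from pathlib import Path

# Constructed attacker input: a real git option, not a revision.  Because
# `git diff --output=<file>` redirects the diff to <file>, an injected value
# can create or overwrite a file of the attacker's choosing.
MALICIOUS_TARGET = "--output=/tmp/injected.diff"


def build_diff_argv_unsafe(target: str) -> list:
    """Vulnerable: `target` lands where git still parses options."""
    return ["git", "diff", target]


# Hypothetical allow-list for revision syntax (HEAD~1, main..feature, v1.2.0, a sha).
_REV_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/\-^~@{}]*")


def build_diff_argv_safe(target: str) -> list:
    """Hardened: refuse anything option-like or outside the allow-list, then
    terminate option parsing with "--" so no later argument is read as a flag."""
    if target.startswith("-") or not _REV_RE.fullmatch(target):
        raise ValueError(f"refusing option-like or malformed revision: {target!r}")
    return ["git", "diff", target, "--"]


def run_diff(repo: Path, target: str) -> str:
    """Run the hardened command inside `repo` and return the diff text."""
    proc = subprocess.run(build_diff_argv_safe(target), cwd=repo,
                          capture_output=True, text=True, check=True)
    return proc.stdout


if __name__ == "__main__":
    print("unsafe argv:", build_diff_argv_unsafe(MALICIOUS_TARGET))
    try:
        build_diff_argv_safe(MALICIOUS_TARGET)
    except ValueError as exc:
        print("safe builder:", exc)
    print("safe argv:", build_diff_argv_safe("HEAD~1"))
```

The allow-list is the real control; the trailing `--` only protects any path arguments appended after the revision. A wrapper that must accept arbitrary user-chosen revisions should at minimum reject a leading `-`, since that is the only character git needs to switch from positional to option parsing.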
Zoom and GitLab have rolled out security updates to fix several vulnerabilities, including a critical flaw that could allow remote code execution (RCE) on Zoom Node Multimedia Routers (MMRs). This vulnerability, identified as CVE-2026-22844, poses a significant risk as it could enable an attacker to execute malicious code during a meeting. Additionally, the updates address issues related to denial-of-service (DoS) attacks and two-factor authentication (2FA) bypasses, which could compromise user accounts. Organizations using these platforms should prioritize applying the latest updates to safeguard their systems against potential exploitation. Keeping software up to date is crucial to maintaining security and protecting sensitive data.
TP-Link has addressed a serious vulnerability in its VIGI C and VIGI InSight camera models that allowed remote access to surveillance systems. This flaw, identified as CVE-2026-0629, has a CVSS score of 8.7, indicating high severity. Over 32 models were affected, with more than 2,500 devices exposed to the internet and potentially at risk of being hacked. Attackers could exploit this vulnerability to bypass local network restrictions, putting users' security and privacy in jeopardy. The fix for this issue is crucial for ensuring the safety of surveillance operations for both businesses and individuals who rely on these cameras.
Cisco has addressed a serious flaw in its Secure Email products, which was exploited by a China-linked hacking group known as UAT-9686. The vulnerability, tracked as CVE-2025-20393, has a maximum severity score of 10.0 and affects the Secure Email Gateway and Email and Web Manager. Attackers were able to exploit this flaw as a zero-day, meaning it was actively used in attacks before a patch was made available. It's crucial for users of these products to apply the latest updates to protect their systems from potential exploitation. This incident highlights the ongoing risks posed by advanced persistent threat groups targeting widely used software.
Help Net Security
CVE-2025-64155
A serious vulnerability, CVE-2025-64155, has been disclosed in Fortinet's FortiSIEM platform; it lets an unauthenticated remote attacker execute arbitrary code by way of the phMonitor service, a component central to FortiSIEM's operation. Proof-of-concept exploit code is public, which shortens the window before opportunistic exploitation, so organizations running FortiSIEM should patch immediately. Left unaddressed, the flaw hands an attacker remote control of a system that sits at the centre of an organization's security monitoring.
Palo Alto Networks has patched CVE-2026-0227, a CVSS 7.7 vulnerability in the GlobalProtect gateway and portal components of PAN-OS. An unauthenticated attacker can trigger a denial-of-service condition that crashes the firewall, and a proof-of-concept exploit is already public, so unpatched devices are exposed now rather than at some future date. Organizations running PAN-OS with GlobalProtect enabled should apply the security update promptly; a crashed edge firewall means loss of network availability for everything behind it.
Security Affairs
Fortinet has addressed six security flaws, two of which are critical vulnerabilities affecting its FortiFone and FortiSIEM products. These vulnerabilities could potentially allow attackers to exploit the systems without needing any authentication, which raises significant security concerns. Specifically, the flaws could lead to unauthorized access to configuration data or enable the execution of malicious code. Users of these products should prioritize applying the patches provided by Fortinet to safeguard their systems. Given the nature of these vulnerabilities, organizations using FortiFone and FortiSIEM need to act quickly to mitigate any potential risks.
Fortinet has addressed a severe vulnerability in its FortiSIEM product that could allow attackers to execute arbitrary code without authentication. The flaw, CVE-2025-64155, carries a CVSS score of 9.4. It stems from improper neutralization of special elements used in an OS command, that is, OS command injection, so attacker-controlled input reaches a command the system runs. Organizations using FortiSIEM should prioritize applying the latest updates. Vulnerabilities of this kind in security tooling are a reminder that monitoring platforms need the same patching discipline as the systems they watch.
SCM feed for Latest
A serious vulnerability has been identified in multiple versions of the Apache Struts 2 framework, tracked as CVE-2025-68493. This XML external entity injection flaw could allow attackers to gain unauthorized access to sensitive data, cause denial-of-service attacks, or execute server-side request forgery (SSRF) attacks. Organizations using affected versions of Apache Struts 2 are at risk, which could lead to significant data breaches and disruptions. The issue emphasizes the need for developers and system administrators to ensure their applications are updated and secure against such vulnerabilities. Immediate action is necessary to mitigate potential exploitation.
SCM feed for Latest
The Cybersecurity and Infrastructure Security Agency (CISA) has added a serious vulnerability in the open-source Git service Gogs to its Known Exploited Vulnerabilities catalog. This flaw, identified as CVE-2025-8110, is a path traversal issue that attackers are actively exploiting. Organizations using Gogs should be particularly vigilant, as this vulnerability allows unauthorized access to sensitive files on affected systems. The inclusion in CISA's catalog highlights the urgency for users to address this issue promptly, as it can lead to significant security breaches if not mitigated. Companies relying on Gogs for version control must prioritize patching this vulnerability to protect their data.
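Path traversal, the class behind the Gogs CVE above and the path validation bypass in the Git MCP server item earlier on this page, usually comes down to where the containment check is made. The following is an added illustration in Python; it is not Gogs' code (Gogs is written in Go) and not the Git MCP server's. It walks through three versions of the same check: the textual prefix test that `..` and sibling-directory names defeat, a lexical normalisation that is still blind to symlinks, and a resolve-then-compare check. The base directory `/srv/repos` and the temporary symlink layout are constructed for the example.

```python
"""Path traversal containment (added example; not Gogs' or the Git MCP server's code)."""
import os
import tempfile
from pathlib import Path
from typing import Callable, Optional


def unsafe_resolve(base: str, user_path: str) -> str:
    """Vulnerable: prefix test on the unnormalised string.  "../../etc/passwd"
    passes because the joined string still begins with base, and so does a
    sibling directory such as "/srv/repos-backup"."""
    candidate = os.path.join(base, user_path)
    if not candidate.startswith(base):
        raise PermissionError(user_path)
    return candidate


def lexical_resolve(base: str, user_path: str) -> str:
    """Better: normalise, then compare whole path components.  Still fooled by a
    symlink inside base that points outside it, because nothing here consults
    the filesystem."""
    base_norm = os.path.normpath(base)
    candidate = os.path.normpath(os.path.join(base_norm, user_path))
    if os.path.commonpath([base_norm, candidate]) != base_norm:
        raise PermissionError(user_path)
    return candidate


def safe_resolve(base: str, user_path: str) -> str:
    """Hardened: reject absolute input, resolve symlinks on both sides, then
    test containment on the resolved paths (Path.is_relative_to, Python 3.9+)."""
    if os.path.isabs(user_path):
        raise PermissionError(user_path)
    base_real = Path(base).resolve()
    candidate = (base_real / user_path).resolve()
    if not candidate.is_relative_to(base_real):
        raise PermissionError(user_path)
    return str(candidate)


def accepts(check: Callable[[str, str], str], base: str, user_path: str) -> bool:
    """True if `check` would serve `user_path` from `base`."""
    try:
        check(base, user_path)
        return True
    except PermissionError:
        return False


def symlink_escape_demo() -> Optional[bool]:
    """Constructed layout: base/escape -> ../outside.  Returns True when the
    lexical check accepts "escape/secret" but the resolving check rejects it;
    None if the platform cannot create symlinks."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "base")
        outside = os.path.join(tmp, "outside")
        os.makedirs(base)
        os.makedirs(outside)
        Path(outside, "secret").write_text("constructed secret\n")
        try:
            os.symlink(outside, os.path.join(base, "escape"))
        except (OSError, NotImplementedError):
            return None
        lexical_ok = accepts(lexical_resolve, base, "escape/secret")
        resolved_ok = accepts(safe_resolve, base, "escape/secret")
        return lexical_ok and not resolved_ok


if __name__ == "__main__":
    for probe in ("org/repo.git/HEAD", "../../etc/passwd", "../repos-backup/x"):
        print(f"{probe:22} unsafe={accepts(unsafe_resolve, '/srv/repos', probe)!s:5} "
              f"lexical={accepts(lexical_resolve, '/srv/repos', probe)!s:5} "
              f"safe={accepts(safe_resolve, '/srv/repos', probe)}")
    print("symlink escape caught only by safe_resolve:", symlink_escape_demo())
```

Two caveats a reviewer of such a check should keep in mind: resolving the path and opening the file are separate steps, so a symlink swapped in between them (a TOCTOU race) is not covered by this check alone, and on systems where `base` itself lives behind a symlink the comparison must use the resolved base, as `safe_resolve` does, or every legitimate request is rejected.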
ServiceNow has reported a serious security vulnerability in its AI Platform that could allow an unauthenticated user to impersonate another user and take actions on their behalf. This flaw, identified as CVE-2025-12420, has a high severity rating of 9.3 out of 10, indicating a significant risk to users. The potential for impersonation means that attackers could exploit this weakness to gain unauthorized access to sensitive information or perform harmful actions. Organizations using ServiceNow's AI Platform should prioritize applying the patch to mitigate this risk and protect their users. The quick response from ServiceNow in addressing this vulnerability is crucial to maintaining trust in their services.
Security Affairs
Trend Micro has addressed three vulnerabilities in its Apex Central management console that could potentially allow attackers to execute remote code or launch denial-of-service attacks. These flaws, identified as CVE-2025-69258, CVE-2025-69259, and CVE-2025-69260, were discovered by security researchers from Tenable in August 2025. The vulnerabilities were made public after Tenable released proof-of-concept code, which could enable malicious actors to exploit the weaknesses. Organizations using Apex Central should apply the patches provided by Trend Micro to prevent potential attacks. It is crucial for users to ensure their systems are updated to mitigate any risks associated with these vulnerabilities.
SCM feed for Latest
Cisco has released updates to address a medium-severity vulnerability in its Identity Services Engine (ISE) and ISE Passive Identity Connector, identified as CVE-2026-20029. This flaw was brought to light following the publication of a proof-of-concept exploit, raising concerns about its potential exploitation. Organizations using these Cisco products are at risk, as the vulnerability could allow unauthorized access or manipulation of identity services. It’s crucial for affected users to apply the updates promptly to safeguard their networks and data from possible attacks. The quick response from Cisco highlights the ongoing need for vigilance in cybersecurity practices.
Help Net Security
CVE-2025-69258
Trend Micro has issued a critical patch for multiple vulnerabilities in its Apex Central management platform, the most serious being CVE-2025-69258, which allows an unauthenticated attacker to execute arbitrary code on affected installations. Tenable's researchers found the flaws in August 2025 and have now published details together with proof-of-concept exploits, so working attack code is available to anyone who wants it. Organizations that rely on Apex Central for IT and security management should apply the patch without delay; a central management console is a high-value target precisely because of what it administers.