Seclists

Full Disclosure: [REVIVE-SA-2025-005] Revive Adserver Vulnerability

A vulnerability in Revive Adserver, identified as CVE-2025-55129, has been reported. This vulnerability involves an incomplete list of disallowed inputs, allowing for potential impersonation attacks.

Full Disclosure: Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

A critical zero-click iMessage exploit chain, dubbed "Glass Cage", has been identified targeting iOS 18 devices. This attack leverages multiple vulnerabilities: CVE-2025-24085, CVE-2025-24201, and CNVD-2025-07885.

Full Disclosure: Dovecot CVE-2025-30189: Auth cache causes access to wrong account

A high-severity vulnerability was identified in the Dovecot IMAP Server versions 2.4.0 and 2.4.1. The flaw resides in the authentication cache mechanism, which can cause users to gain access to incorrect accounts due to improper cache key handling.

Full Disclosure: Stored Cross-Site Scripting (XSS)

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the layout functionality of Total.js version 5013. This flaw allows attackers to inject malicious JavaScript payloads into layout templates.

Full Disclosure: Struts2 and Related Framework Array

A longstanding DoS vulnerability exists in Apache Struts2 and related frameworks due to unsafe deserialization of arrays and collections. This flaw allows attackers to craft minimal requests that result in the creation of massive data structures.

Full Disclosure: Current Password not Required When Changing Password

A critical vulnerability has been identified in Total.js version 5013 that allows users to change their account password without providing the current password. This flaw can lead to unauthorized account access and potential privilege escalation.

Full Disclosure: [REVIVE-SA-2025-002] Revive Adserver Vulnerability

A high-severity SQL injection vulnerability (CVE-2025-52664) has been identified in Revive Adserver version 6.0.0. The flaw resides in the admin-search.php script and is exploitable via the keyword parameter using either GET or POST methods.

Full Disclosure: [REVIVE-SA-2025-001] Revive Adserver Vulnerability

Successful exploitation allows execution of malicious scripts in the administrator’s browser context. However, the session cookie cannot be accessed or stolen via JavaScript.

Full Disclosure: [SYSS-2025-015]: Verbatim Keypad Secure (security update v1.0.0.6)

A critical vulnerability (SYSS-2025-015) has been identified in Verbatim Keypad Secure USB 3.2 Gen 1 drives (Part Numbers #49427 and #49428); it remains present even after the latest firmware update v1.0.0.6 is applied.

Full Disclosure: [SYSS-2025-016]: Verbatim Store 'n' Go Secure Portable SSD (security update v1.0.0.6)

A critical vulnerability persists in the Verbatim Store 'n' Go Secure Portable SSD even after applying the latest security update (v1.0.0.6). The flaw enables offline brute-force attacks, allowing unauthorized access to encrypted data.
