Live
Linux Kernel CVE-2025-40331: SCTP TOCTOU Vulnerability Explained·MSFT +0.1%HDF5 CVE-2025-6818 Heap Overflow: Critical Vulnerability in 1.14.6 Explained·NVDA +3.0%CVE-2025-2924: HDF5 Heap Overflow PoC Is Public—Here’s How Windows Users Should Respond·GOOGL +1.2%Microsoft's 'In Scope by Default' Bug Bounty Revolution: What It Means for Windows Security·AMZN +2.9%CVE-2025-14523: Libsoup Host Header Vulnerability Threatens GNOME & Windows Apps·MSFT +0.1%CVE-2025-14087: Critical GLib GVariant Heap Corruption Threatens Linux & Windows Apps·NVDA +3.0%GRUB2 CVE-2025-61663 Critical Vulnerability: Patch Your Bootloader Now·GOOGL +1.2%CVE-2025-49179: X.Org Record Extension Vulnerability Threatens Linux & Windows Subsystem Security·AMZN +2.9%Linux Kernel CVE-2025-40331: SCTP TOCTOU Vulnerability Explained·MSFT +0.1%HDF5 CVE-2025-6818 Heap Overflow: Critical Vulnerability in 1.14.6 Explained·NVDA +3.0%CVE-2025-2924: HDF5 Heap Overflow PoC Is Public—Here’s How Windows Users Should Respond·GOOGL +1.2%Microsoft's 'In Scope by Default' Bug Bounty Revolution: What It Means for Windows Security·AMZN +2.9%CVE-2025-14523: Libsoup Host Header Vulnerability Threatens GNOME & Windows Apps·MSFT +0.1%CVE-2025-14087: Critical GLib GVariant Heap Corruption Threatens Linux & Windows Apps·NVDA +3.0%GRUB2 CVE-2025-61663 Critical Vulnerability: Patch Your Bootloader Now·GOOGL +1.2%CVE-2025-49179: X.Org Record Extension Vulnerability Threatens Linux & Windows Subsystem Security·AMZN +2.9%

Vulnerability

The latest Vulnerability coverage — news, analysis, and updates from the WindowsNews.AI desk.

12 stories in view AI assisted desk updated 3:45 AM
Latest Most Read Breaking
Sort
Linux Kernel · Sctp

Linux Kernel CVE-2025-40331: SCTP TOCTOU Vulnerability Explained

The Linux kernel security landscape has seen another critical vulnerability emerge, with CVE-2025-40331 addressing a time-of-check to time-of-use (TOCTOU) race condition in the Stream Control...

Advertisement
Host Header · Libsoup

CVE-2025-14523: Libsoup Host Header Vulnerability Threatens GNOME & Windows Apps

A critical vulnerability in GNOME's widely-used HTTP library, libsoup, has security researchers and system administrators scrambling to patch affected systems. Tracked as CVE-2025-14523, this flaw...

SE Security Desk·31w ago
Glib · Gvariant

CVE-2025-14087: Critical GLib GVariant Heap Corruption Threatens Linux & Windows Apps

A newly disclosed critical vulnerability, CVE-2025-14087, has sent shockwaves through the open-source and Windows development communities, exposing a fundamental flaw in GLib's GVariant text parser...

SE Security Desk·31w ago
Bootloader · Grub

GRUB2 CVE-2025-61663 Critical Vulnerability: Patch Your Bootloader Now

A critical use-after-free vulnerability in the GRUB2 bootloader, tracked as CVE-2025-61663, has been disclosed, posing significant risks to Linux systems and dual-boot Windows configurations...

SE Security Desk·31w ago
Tigervnc · Vulnerability

CVE-2025-49179: X.Org Record Extension Vulnerability Threatens Linux & Windows Subsystem Security

A critical security vulnerability in the X.Org X server's Record extension, tracked as CVE-2025-49179, has been discovered that allows local attackers to trigger denial-of-service conditions through...

SE Security Desk·31w ago
Cisa · Geoserver

CISA KEV Catalog Adds Critical GeoServer XXE Flaw CVE-2025-58360: Patch Immediately

The Cybersecurity and Infrastructure Security Agency (CISA) has elevated a critical vulnerability in GeoServer—tracked as CVE-2025-58360—to its Known Exploited Vulnerabilities (KEV) catalog,...

SE Security Desk·31w ago
Gpu Virtualization · Huge Pages

CVE-2025-40336: Linux Kernel GPU Virtualization Bug Explained

A significant security vulnerability has been disclosed in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically affecting GPU virtualization through the gpusvm code. Designated...

SE Security Desk·31w ago
File Explorer · Patch Guidance

CVE-2025-62565: Critical Windows Explorer Flaw Allows Local Privilege Escalation to SYSTEM

Microsoft has disclosed a critical security vulnerability in Windows Explorer that could allow authenticated local attackers to escalate privileges to SYSTEM level, granting them complete control...

SE Security Desk·31w ago
Denial Of Service · Hyper-v

Microsoft Patches Hyper-V Kernel Bug That Lets Attackers Crash Virtual Machine Hosts

Microsoft released a security fix on December 9, 2025, that addresses a kernel-level flaw in its Hyper-V virtualization software. The vulnerability, tracked as CVE-2025-62567, could enable a...

SE Security Desk·31w ago