CVE CyberSecurity Database News

Dec 12, 2025 Exploit

CVE-2025-54369 - Exploiting Node-SAML’s Broken SAML Assertion Handling (with PoC)

Node-SAML is a popular library that brings SAML authentication to Node.js apps—used for letting users log in using their single sign-on identities. But

Dec 12, 2025 API Mac Google Chrome

CVE-2025-14174 - Out of Bounds Memory Access in ANGLE – How a Crafted HTML Page Could Hack Your Chrome on Mac

In early June 2024, security researchers discovered a serious vulnerability in Google Chrome for Mac, tracked as CVE-2025-14174. This bug lives deep in the ANGLE

Dec 10, 2025 Exploit

CVE-2025-5467 - How Apport Crash Reports Can Leak Sensitive Data on Ubuntu Systems

In early 2025, a new vulnerability was found in Apport, the crash reporting tool shipped with Ubuntu and other Canonical-based Linux distributions. Tracked as CVE-2025-5467,

Dec 10, 2025

CVE-2025-67642 - How Jenkins HashiCorp Vault Plugin Leak Lets Attackers Steal Credentials (Explained with Code)

Jenkins is a widely used automation tool in the DevOps world, often extended with plugins that help teams speed up development. One of these plugins,

Dec 9, 2025 Microsoft Exploit

CVE-2025-64667 - UI Misrepresentation in Microsoft Exchange Server Leads to Critical Spoofing Attack

--- *Published: July 2024* When running a secure email environment, Microsoft Exchange Server is the backbone for many organizations. But recently, a new vulnerability—CVE-2025-64667—