Content Cacheability

Oracle silently fixes zero-day exploit leaked by ShinyHunters

AWS outage crashes Amazon, Prime Video, Fortnite, Perplexity and more

CISA: High-severity Windows SMB flaw now exploited in attacks

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)

Silver Fox Expands Winos 4.0 Attacks to Japan and Malaysia via HoldingHands RAT

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs

CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw

Hackers exploiting critical "SessionReaper" flaw in Adobe Magento

New FileFix attack uses cache smuggling to evade security software

Over 75,000 WatchGuard security devices vulnerable to critical RCE

CVE-2025-59287 Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

CVE-2025-54236 Adobe Commerce and Magento Improper Input Validation Vulnerability

CVE-2025-61932 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability

CVE-2025-61884 Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

CVE-2025-33073 Microsoft Windows SMB Client Improper Access Control Vulnerability

CVE-2025-2747 Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability

CVE-2025-2746 Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability

CVE-2022-48503 Apple Multiple Products Unspecified Vulnerability

CVE-2025-54253 Adobe Experience Manager Forms Code Execution Vulnerability

CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability

Content Security Policy (CSP) Header Not Set

CSP

MediumContent Security Policy (CSP) Header Not Set

MediumMissing Anti-clickjacking Header

InformationalInformation Disclosure - Suspicious Comments

MediumAbsence of Anti-CSRF Tokens

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowCSP: X-Content-Security-Policy

InformationalModern Web Application

CWE-230 Improper Handling of Missing Values

CWE-1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element

CWE-47 Path Equivalence: ' filename' (Leading Space)

MediumCWE-1004 Sensitive Cookie Without 'HttpOnly' Flag

HighCWE-285 Improper Authorization

HighCWE-311 Missing Encryption of Sensitive Data

HighCWE-467 Use of sizeof() on a Pointer Type

LowCWE-601 URL Redirection to Untrusted Site ('Open Redirect')

MediumCWE-665 Improper Initialization

CWE-703 Improper Check or Handling of Exceptional Conditions