The newly cataloged vulnerabilities include an improper access control flaw in Vitejs (CVE-2025-31125), an improper authentication bypass in Versa Concerto SD-WAN (CVE-2025-34026), a supply-chain compromise in eslint-config-prettier (CVE-2025-54313), and a PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (CVE-2025-68645).
All GNU InetUtils telnetd versions 1.9.3 to 2.7 were affected by a critical remote authentication bypass issue that had gone unidentified for almost 11 years, according to The Hacker News.
Fixes have been rolled out by Cisco to address a critical zero-day impacting its Unified Communications suite, tracked as CVE-2026-20045, amid ongoing exploitation, reports The Register.
The vulnerability stemmed from an unchecked return value in GitLab's authentication services, enabling attackers with knowledge of a target's account ID to circumvent two-factor authentication by submitting forged device responses.