Tag: cve
-
Desaster: Fortinet FortiWeb Schwachstelle (CVE-2025-64446)
Administratoren von Fortinet FortiWeb-Instanzen müssen sich womöglich auf Ärger einstellen. Fortinet hat stillschweigend zum 28. Oktober 2025 eine schwerwiegende Schwachstelle CVE-2025-64446 in seinem FortiWeb gepatcht. Es geht aber seit ca. einem Monat das Gerücht um, dass man über eine Schwachstelle … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/15/fortinet-fortiweb-schwachstelle-cve-2025-64446-ein-desaster/
-
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution.The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to…
-
Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely
ASUS fixed a critical auth-bypass flaw (CVE-2025-59367) in DSL routers that let remote, unauthenticated attackers access devices with ease. ASUS patched a critical auth-bypass flaw, tracked as CVE-2025-59367 (CVSS score of 9.3), in multiple DSL routers that allows remote, unauthenticated attackers to easily access unpatched devices. The vulnerability impacts DSL-AC51, DSL-N16, DSL-AC750 router families, the…
-
CISA Warns of Active Attacks on Cisco ASA and Firepower Flaws
CISA issues an urgent directive for all organizations to patch Cisco ASA and Firepower devices against CVE-2025-20362 and CVE-2025-20333, exploited in the ArcaneDoor campaign. Verify the correct version now! First seen on hackread.com Jump to article: hackread.com/cisa-attacks-cisco-asa-firepower-flaws/
-
CISA Warns of Active Attacks on Cisco ASA and Firepower Flaws
CISA issues an urgent directive for all organizations to patch Cisco ASA and Firepower devices against CVE-2025-20362 and CVE-2025-20333, exploited in the ArcaneDoor campaign. Verify the correct version now! First seen on hackread.com Jump to article: hackread.com/cisa-attacks-cisco-asa-firepower-flaws/
-
Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks
Tags: access, advisory, ai, antivirus, application-security, attack, authentication, backup, business, chatgpt, cisa, ciso, cloud, compliance, control, corporate, cve, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, germany, group, guide, healthcare, infrastructure, injection, Internet, iot, law, malware, mfa, mitigation, phishing, privacy, programming, ransomware, resilience, risk, service, soc, software, supply-chain, tactics, technology, threat, tool, update, vulnerabilityLearn why you should revise your Akira ransomware protection plans. Plus, find out what’s new in OWASP’s revamped Top 10 Web Application Risks list. Also, find out about agentic AI’s cognitive degradation risk. And get the latest on AI security trends and CISO compensation. Key takeaways CISA and other agencies are urging organizations, especially in…
-
Cybersecurity Snapshot: Refresh Your Akira Defenses Now, CISA Says, as OWASP Revamps Its App Sec Top 10 Risks
Tags: access, advisory, ai, antivirus, application-security, attack, authentication, backup, business, chatgpt, cisa, ciso, cloud, compliance, control, corporate, cve, cyber, cybersecurity, data, defense, detection, encryption, endpoint, exploit, finance, firewall, flaw, framework, germany, group, guide, healthcare, infrastructure, injection, Internet, iot, law, malware, mfa, mitigation, phishing, privacy, programming, ransomware, resilience, risk, service, soc, software, supply-chain, tactics, technology, threat, tool, update, vulnerabilityLearn why you should revise your Akira ransomware protection plans. Plus, find out what’s new in OWASP’s revamped Top 10 Web Application Risks list. Also, find out about agentic AI’s cognitive degradation risk. And get the latest on AI security trends and CISO compensation. Key takeaways CISA and other agencies are urging organizations, especially in…
-
Cisco Catalyst Center Vulnerability Allows Attackers to Escalate Privileges
A critical security vulnerability has been identified in the Cisco Catalyst Center Virtual Appliance that could enable authenticated, remote attackers to escalate their privileges to Administrator on affected systems. This vulnerability CVE-2025-20341 caused by insufficient validation of user-supplied input, underscores the urgent need for patching among organizations that use the affected platform. The vulnerability resides…
-
NVIDIA NeMo Flaw Enables Code Injection and Privilege Escalation Attacks
NVIDIA has released critical security patches addressing two high-severity vulnerabilities in its NeMo Framework that could allow attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities affect all versions of the framework before 2.5.0, and users should update to 2.5.0 immediately. CVE ID Description CVSS Score Severity CVE-2025-23361 Improper control of…
-
Palo Alto PAN-OS Flaw Lets Attackers Force Firewall Reboots via Malicious Packets
Palo Alto Networks has disclosed a denial-of-service vulnerability in its PAN-OS software that allows attackers to force firewalls into unexpected reboots using specially crafted network packets. The flaw, tracked as CVE-2025-4619, affects multiple versions of PAN-OS running on PA-Series and VM-Series firewalls, as well as Prisma Access deployments. The vulnerability enables unauthenticated attackers to trigger…
-
>>Patched<< but still exposed: US federal agencies must remediate Cisco flaws (again)
CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/13/cisa-directive-cve-2025-20333-cve-2025-20362/
-
>>Patched<< but still exposed: US federal agencies must remediate Cisco flaws (again)
CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/13/cisa-directive-cve-2025-20333-cve-2025-20362/
-
SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk
CVE 2025 42887 vulnerability, rated 9.9, allows code injection through Solution Manager giving attackers full SAP control urgent patch needed to block system takeover. First seen on hackread.com Jump to article: hackread.com/sap-patch-cve-2025-42887-takeover-vulnerability/
-
SAP Pushes Emergency Patch for 9.9 Rated CVE-2025-42887 After Full Takeover Risk
CVE 2025 42887 vulnerability, rated 9.9, allows code injection through Solution Manager giving attackers full SAP control urgent patch needed to block system takeover. First seen on hackread.com Jump to article: hackread.com/sap-patch-cve-2025-42887-takeover-vulnerability/
-
CISA Warns of Active Exploitation of Windows Kernel 0-Day Enabling Privilege Escalation
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, microsoft, vulnerability, windows, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about the active exploitation of a new zero-day vulnerability in Microsoft Windows. This security flaw, tracked as CVE-2025-62215, affects the Windows Kernel and could allow attackers to escalate their privileges if successfully exploited. Overview of the Vulnerability CVE-2025-62215 is a race condition vulnerability…
-
Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks
Elastic has released a security advisory addressing an origin validation error in Kibana that could expose systems to Server-Side Request Forgery (SSRF) attacks. The vulnerability, tracked as CVE-2025-37734, affects multiple versions of the popular data visualization and exploration platform and has prompted immediate patching across all affected deployments. CVE ID Vulnerability Affected Versions CVSS Score Fixed Versions…
-
CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including First seen on thehackernews.com…
-
Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges
Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity. The flaw, tracked as CVE-2025-46608, carries a maximum CVSS severity score of 9.1, indicating an exceptionally high risk to affected environments. CVE ID Product Affected Versions Remediated…
-
CISA Warns of Active Exploitation of WatchGuard Firebox OutBounds Write Flaw
Tags: cisa, cve, cyber, cybersecurity, exploit, firewall, flaw, infrastructure, kev, network, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting WatchGuard Firebox firewalls to its Known Exploited Vulnerabilities (KEV) catalog, warning of active exploitation in the wild. The flaw, tracked as CVE-2025-9242, poses severe risks to organizations relying on these devices for network security. The Vulnerability WatchGuard Firebox firewalls contain an out-of-bounds write…
-
Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network appliances for authentication and secure access services. Field Value CVE ID CVE-2025-12101 Vulnerability Type Cross-Site Scripting (XSS) CWE Classification CWE-79: Improper Neutralization…
-
Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway platforms. The flaw, tracked as CVE-2025-12101, poses a moderate security risk to organizations relying on these network appliances for authentication and secure access services. Field Value CVE ID CVE-2025-12101 Vulnerability Type Cross-Site Scripting (XSS) CWE Classification CWE-79: Improper Neutralization…
-
‘Advanced’ hacker seen exploiting Cisco, Citrix zero-days
The hackers notably used custom malware and were exploiting CVE-2025-5777, now known colloquially as “Citrix Bleed Two”, before it was disclosed publicly in July. First seen on therecord.media Jump to article: therecord.media/advanced-hacker-exploiting-cisco-citrix-zero-days-amazon
-
SAP fixed a maximum severity flaw in SQL Anywhere Monitor
SAP fixed 19 security issues, including a critical flaw in SQL Anywhere Monitor with hardcoded credentials that could enable remote code execution. SAP addressed 19 security vulnerabilities, including a critical flaw in SQL Anywhere Monitor, with the release of November 2025 notes. The vulnerability, tracked as CVE-2025-42890 (CVSS score of 10/10), is an insecure key…
-
Cl0p Ransomware Lists NHS UK as Victim, Days After Washington Post Breach
Cl0p ransomware lists NHS UK as a victim days after The Washington Post confirms a major Oracle E-Business breach linked to CVE-2025-61882. First seen on hackread.com Jump to article: hackread.com/cl0p-ransomware-nhs-uk-washington-post-breach/
-
Microsoft Patch Tuesday for November 2025 Fix for 0-day and Other 62 Vulnerabilities
Microsoft has released its November 2025 Patch Tuesday update, addressing 63 security vulnerabilities across its software lineup. The update includes a critical fix for a zero-day vulnerability in the Windows Kernel that is confirmed to be actively exploited in the wild. The most critical patch in this month’s release is for CVE-2025-62215, an Elevation of…
-
Ivanti Endpoint Manager Vulnerabilities Let Attackers Write Files Anywhere on Target Systems
Ivanti has released critical security updates for Ivanti Endpoint Manager to address three high-severity vulnerabilities that could allow authenticated attackers to write arbitrary files to any location on affected systems. The company disclosed the security advisory on November 10, 2025, with the latest patch becoming available immediately. CVE Number Description CVSS Score Severity CVE-2025-10918 Insecure…