Tag: cve
-
Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild.The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech…
-
Virtualbox 7.1.12 und 7.2.2: Schwachstelle CVE-2025-62641
Gerade wurde bekannt, dass es in Virtualbox 7.1.12 und 7.2.2 die Schwachstelle CVE-2025-62641 gibt. Damit können Angreifer ggf. den Host übernehmen. Zudem sind weitere Schwachstellen in den Versionen vorhanden. Abhilfe schaffen Virtualbox 7.1.14 und 7.2.4. Zum 14. August 2025 hatten … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/virtualbox-7-1-12-und-7-2-2-schwachstelle-cve-2025-62641/
-
Windows Server 2019: OutBand Updates KB5070883 für WSUS-Schwachstelle (23.10.2025)
Es gibt ein Out-of-Band Update KB5070883 für Windows Server 2019, welches Microsoft zum 23. Oktober 2025 bereitgestellt hat. Ziel dieses Notfall-Updates ist es, eine kritische Schwachstelle in WSUS zu schließen. Die Remote Execution-Schwachstelle CVE-2025-59287 wurde mit einem CVSS-Score von 9.8 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/windows-server-2019-out-of-band-update-kb5070883-fuer-wsus-schwachstelle/
-
Microsoft Issues Emergency Patch for Critical WSUS Remote Code Execution Flaw (CVE-2025-59287)
Microsoft has released an urgent out-of-band security update to address a severe remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses a direct risk to organizations that utilize WSUS to manage Windows updates across their IT infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-fixes-cve-2025-59287/
-
Microsoft Issues Emergency Patch for Critical WSUS Remote Code Execution Flaw (CVE-2025-59287)
Microsoft has released an urgent out-of-band security update to address a severe remote code execution (RCE) vulnerability in Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses a direct risk to organizations that utilize WSUS to manage Windows updates across their IT infrastructure. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-fixes-cve-2025-59287/
-
Windows Server 2019: OutBand Update KB5070883 für WSUS-Schwachstelle (23.10.2025)
Es gibt ein Out-of-Band Update KB5070883 für Windows Server 2019, welches Microsoft zum 23. Oktober 2025 bereitgestellt hat. Ziel dieses Notfall-Updates ist es, eine kritische Schwachstelle in WSUS zu schließen. Die Remote Execution-Schwachstelle CVE-2025-59287 wurde mit einem CVSS-Score von 9.8 … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/windows-server-2019-out-of-band-update-kb5070883-fuer-wsus-schwachstelle/
-
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
Microsoft has released an out-of-band security update that >>comprehensively
-
China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom
China-based threat actors exploited ToolShell SharePoint flaw CVE-2025-53770 soon after its July patch. China-linked threat actors exploited the ToolShell SharePoint flaw vulnerability, tracked as CVE-2025-53770, to breach a telecommunications company in the Middle East after it was addressed by Microsoft in July 2025. >>China-based attackers used the ToolShell vulnerability (CVE-2025-53770) to compromise a telecoms company in…
-
Microsoft Releases Urgent Fix for Windows Server Update Services RCE FLaw
Microsoft has released a critical security patch to address a severe remote code execution vulnerability affecting Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses an immediate threat to organizations managing Windows updates across their infrastructure. Attribute Details CVE ID CVE-2025-59287 Released October 14, 2025 Last Updated October 23, 2025 Vulnerability Type Remote…
-
Fear the ‘SessionReaper’: Adobe Commerce Flaw Under Attack
CVE-2025-54236 is a critical flaw in Adobe Commerce (formerly Magento) that allows attackers to remotely take over sessions on the e-commerce platform. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/sessionreaper-adobe-commerce-flaw-under-attack
-
Anchore Enterprise 5.22: OpenVEX, PURLs, and RHEL EUS Support
Anchore Enterprise 5.22 introduces three capabilities designed to make vulnerability management clearer, cleaner, and more trustworthy: Each of these features adds context and precision to vulnerability data”, helping teams reduce noise, speed triage, and strengthen communication across the supply chain. Security teams are flooded with vulnerability alerts that lack actionable context. A single CVE may…
-
Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)
CVE-2025-61932, an >>improper verification of source of a communication channel
-
Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)
CVE-2025-61932, an >>improper verification of source of a communication channel
-
Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)
Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source, Sansec researchers have warned. The company blocked … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/23/adobe-magento-cve-2025-54236-attack/
-
Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbedSessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected Products Type CVSS 3.1 CVE-2025-54236 SessionReaper Adobe Commerce & Magento (all versions) Unauthenticated RCE, Account…
-
Jira Vulnerability Lets Attackers Alter Files Accessible to the Jira JVM Process
Atlassian has disclosed a critical path traversal vulnerability affecting Jira Software Data Center and Server that could allow authenticated attackers to modify files accessible to the Jira Java Virtual Machine (JVM) process. The vulnerability, tracked as CVE-2025-22167, carries a high severity rating with a CVSS score of 8.7 and affects multiple product versions dating back…
-
Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbedSessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected Products Type CVSS 3.1 CVE-2025-54236 SessionReaper Adobe Commerce & Magento (all versions) Unauthenticated RCE, Account…
-
Jira Vulnerability Lets Attackers Alter Files Accessible to the Jira JVM Process
Atlassian has disclosed a critical path traversal vulnerability affecting Jira Software Data Center and Server that could allow authenticated attackers to modify files accessible to the Jira Java Virtual Machine (JVM) process. The vulnerability, tracked as CVE-2025-22167, carries a high severity rating with a CVSS score of 8.7 and affects multiple product versions dating back…
-
Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells
Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbedSessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected Products Type CVSS 3.1 CVE-2025-54236 SessionReaper Adobe Commerce & Magento (all versions) Unauthenticated RCE, Account…
-
Jira Vulnerability Lets Attackers Alter Files Accessible to the Jira JVM Process
Atlassian has disclosed a critical path traversal vulnerability affecting Jira Software Data Center and Server that could allow authenticated attackers to modify files accessible to the Jira Java Virtual Machine (JVM) process. The vulnerability, tracked as CVE-2025-22167, carries a high severity rating with a CVSS score of 8.7 and affects multiple product versions dating back…
-
U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Motex LANSCOPE flaw, tracked as CVE-2025-61932 (CVSS v4 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is an improper verification of source of a communication…
-
Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw
Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours. E-commerce security company Sansec researchers warn that threat actors are exploiting a critical flaw in Adobe Commerce and Magento, tracked as CVE-2025-54236 (CVSS 9.1), to hijack customer accounts via the REST API. The experts observed…
-
Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw
Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours. E-commerce security company Sansec researchers warn that threat actors are exploiting a critical flaw in Adobe Commerce and Magento, tracked as CVE-2025-54236 (CVSS 9.1), to hijack customer accounts via the REST API. The experts observed…
-
TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code by overwriting configuration files and hijacking critical build systems. Field Details CVE ID CVE-2025-62518 Vulnerability…
-
TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code by overwriting configuration files and hijacking critical build systems. Field Details CVE ID CVE-2025-62518 Vulnerability…
-
Critical Argument Injection Flaw in AI Agents Enables Remote Code Execution
AI-powered agents are increasingly relied upon to execute tasks like code analysis, file management, and automating workflows. However, a newly highlighted vulnerability argument injection shows how attackers can use these very capabilities to achieve remote code execution (RCE), even when certain safeguards are in place. CVE ID Product Vulnerability CVE-2025-54795 Claude Code Command injection in…
-
Critical Argument Injection Flaw in AI Agents Enables Remote Code Execution
AI-powered agents are increasingly relied upon to execute tasks like code analysis, file management, and automating workflows. However, a newly highlighted vulnerability argument injection shows how attackers can use these very capabilities to achieve remote code execution (RCE), even when certain safeguards are in place. CVE ID Product Vulnerability CVE-2025-54795 Claude Code Command injection in…
-
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours.The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw…
-
Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms
Tags: cisa, cve, cyberattack, cybersecurity, endpoint, exploit, flaw, infrastructure, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild.The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client First seen on thehackernews.com…
-
CVE-2025-6515 Prompt Hijacking bedroht MCP-Workflows in oatpp-mcp
Die Sicherheitsforscher von JFrog haben in der Oat++-Implementierung des Model Context Protocol (MCP) eine Schwachstelle (CVE-2025-6515) identifiziert, die Angreifer für sogenannte Prompt-Hijacking-Angriffe nutzen können. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/cve-2025-6515-prompt-hijacking