Tag: cve
-
Angular SSR Vulnerability Allows Attackers to Access Sensitive Data
A high vulnerability in Angular’s server-side rendering (SSR) feature can lead to sensitive data exposure when multiple requests are handled at the same time. This flaw, tracked as CVE-2025-59052, stems from a global race condition in the platform injector that may cause cross-request data leakage. Organizations using vulnerable Angular versions should update immediately or implement…
-
SAP Issues Critical Security Patch for NetWeaver and Other Products, Warns of CVE-2025-42944
SAP has released a new security update addressing a broad range of vulnerabilities across its product ecosystem. Among the most alarming is a critical vulnerability identified in SAP NetWeaver, tracked as CVE-2025-42944, which has received the highest possible severity rating of CVSS 10.0. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/sap-patches-cve-2025-42944/
-
CoreDNS Vulnerability Allows Attackers to Poison DNS Cache and Block Updates
A critical flaw in CoreDNS’s etcd plugin can let attackers pin DNS records in caches for years, effectively blocking legitimate updates. This vulnerability, tracked as CVE-2025-58063, stems from incorrect handling of etcd lease IDs. It affects every CoreDNS release from version 1.2.0 onward and was patched in version 1.12.4, as per a report by Researcher…
-
Palo Alto Networks User-ID Agent Flaw Leaks Passwords in Cleartext
Tags: credentials, cve, cvss, cyber, data-breach, flaw, leak, network, password, service, vulnerability, windows
A newly disclosed vulnerability in the Palo Alto Networks User-ID Credential Agent on Windows systems allows service account passwords to be exposed in cleartext under certain non-default configurations. Tracked as CVE-2025-4235, the flaw carries a CVSS base score of 4.2 (Medium) and has been assigned a Moderate urgency level. Palo Alto Networks released details and…
-
ACSC Warns of Actively Exploited SonicWall Access Control Vulnerability
The Australian Cyber Security Centre (ACSC) has issued an urgent warning about a critical vulnerability in SonicWall firewall devices that is being actively exploited by threat actors. The flaw, tracked as CVE-2024-40766, affects SonicOS management access and SSLVPN functionality across multiple generations of SonicWall devices. Critical Vulnerability Details: The improper access control vulnerability carries a…
-
Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts
Adobe fixed a critical flaw in its Commerce and Magento Open Source platforms that allows an attacker to take over customer accounts. Adobe addressed a critical vulnerability, tracked as CVE-2025-54236 (aka SessionReaper, CVSS score of 9.1) in its Commerce and Magento Open Source platforms. The vulnerability is an improper input validation flaw. The bug, dubbed…
-
Patch Tuesday Update September 2025
In total, including third-party CVEs, in this Patch Tuesday edition, Microsoft published 86 CVEs, including 5 republished CVEs. Overall, Microsoft announced 2 Zero-Day, 9 Critical, and 73 Important vulnerabilities. From an Impact perspective, Escalation of Privilege vulnerabilities accounted for 44%, while Remote Code Execution accounted for 27% and Information Disclosure for 16%. Patches for this month…
-
EoP Flaws Again Lead Microsoft Patch Tuesday
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/eop-flaws-again-lead-microsoft-patch-day
-
Lazarus Group Is Exploiting CVE-2025-48384 in New Phishing Campaign
The post Lazarus Group Is Exploiting CVE-2025-48384 in New Phishing Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/lazarus-group-is-exploiting-cve-2025-48384-in-new-phishing-campaign/
-
Apple CarPlay Vulnerability Allows Remote Code Execution to Gain Root Access
A newly disclosed vulnerability in Apple’s CarPlay ecosystem enables remote code execution with root privileges, posing a serious risk to connected vehicles. Discovered by the Oligo Security Research team and tracked as CVE-2025-24132, the flaw resides within the AirPlay protocol implementation used by CarPlay systems. CVE ID / Affected Components / Versions Impacted: CVE-2025-24132 / AirPlay Audio SDK / < 2.7.1…
-
EoP Flaws Again Lead Microsoft Patch Day
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/eop-flaws-again-lead-microsoft-patch-day
-
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input…
-
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP NetWeaver that could result in code execution and the upload of arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) – A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious First…
-
Two Zero-Days Among Patch Tuesday CVEs This Month
Microsoft has fixed over 80 vulnerabilities including two publicly disclosed zero-days in its latest Patch Tuesday release First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/two-zero-days-patch-tuesday-cves/
-
Ivanti Endpoint Manager Vulnerabilities Allow Remote Code Execution by Attackers
Tags: advisory, control, cve, cvss, cyber, endpoint, flaw, ivanti, remote-code-execution, vulnerability
Ivanti released a Security Advisory for Endpoint Manager versions 2024 SU3 and 2022 SU8, detailing two high-severity flaws (CVE-2025-9712 and CVE-2025-9872). Both issues stem from insufficient filename validation and require only minimal user interaction, potentially granting full control over affected systems. Vulnerability Overview: The two vulnerabilities share identical characteristics and impact: CVE Number / Description / CVSS Score…
-
SessionReaper Vulnerability Puts Magento Adobe Commerce Sites in Hacker Crosshairs
Adobe has broken its regular patch schedule to address CVE-2025-54236, a critical vulnerability in Magento Commerce and open-source Magento installations. Dubbed “SessionReaper,” this vulnerability allows attackers to bypass input validation in the Magento Web API, enabling automated account takeover, data theft, and fraudulent orders without requiring valid session tokens. Adobe will release an emergency fix…
-
Argo CD Security Flaw Rated 9.8 Leaves GitOps Repositories Exposed
Tags: api, cloud, credentials, cve, cvss, data-breach, flaw, kubernetes, open-source, password, tool, vulnerability
A security flaw in Argo CD, the popular open-source GitOps tool for Kubernetes, has been targeted at the DevOps and cloud-native communities. Tracked as CVE-2025-55190, the vulnerability has been rated critical with a CVSS score of 9.8 out of 10, as it allows attackers to retrieve sensitive repository credentials, including usernames and passwords, through a…
-
SAP S/4HANA Users Urged to Patch Critical Exploited Bug
Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/sap-s4hana-patch-critical/
-
CISA Alerts on WhatsApp 0-Day Vulnerability Actively Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybercrime, exploit, flaw, ransomware, risk, vulnerability, zero-day
CISA has issued an urgent warning about a newly discovered zero-day vulnerability in WhatsApp that is already being exploited in active attacks. The flaw, tracked as CVE-2025-55177, poses a significant risk to users worldwide, particularly as ransomware operators and other cybercriminals seek to take advantage of the weakness in device synchronization processes. On September 2,…
-
Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers
Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-cve-2025-42957-sap-vulnerability/
-
Cybersecurity Landscape 2025 Amid Record Vulnerabilities, Infrastructure Breakdown, and Growing Digital Risks
Tags: breach, compliance, cve, cyber, cyberattack, cybersecurity, data, defense, infrastructure, risk, vulnerability
The year 2025 has unfolded in an environment marked by eroding trust in vulnerability databases, an explosive growth in cyberattacks, and digital overload for businesses. Data breaches have become routine, the number of CVEs continues to break records, and traditional defense approaches no longer work. Cybersecurity expert Ilia Dubov, Head of Information Security and Compliance…
-
Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation
Experts warn of an actively exploited vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), in SAP S/4HANA software. A critical command injection vulnerability, tracked as CVE-2025-42957 (CVSS score of 9.9), in SAP S/4HANA is under active exploitation. An attacker can exploit this flaw to fully compromise SAP systems, altering databases, creating superuser accounts, and stealing password hashes. SAP…
-
Critical SAP S/4HANA Vulnerability Under Attack, Patch Now
Exploitation of CVE-2025-42957 requires minimal effort and can result in a complete compromise of the SAP system and host OS, according to researchers. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/sap-4hana-vulnerability-under-attack