Tag: cve
-
Linux Crash Reporting Flaws (CVE-2025-5054, 4598) Expose Password Hashes
Qualys details CVE-2025-5054 and CVE-2025-4598, critical vulnerabilities affecting Linux crash reporting tools like Apport and systemd-coredump. Learn how… First seen on hackread.com Jump to article: hackread.com/linux-crash-reporting-flaws-expose-password-hashes/
-
Qualcomm fixed three zero-days exploited in limited, targeted attacks
Qualcomm addressed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild. Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. Google Android Security team reported the three issues, tracked as CVE-2025-21479, CVE-2025-21480,…
-
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows - CVE-2024-13915 (CVSS score: 6.9) – A pre-installed “com.pri.factorytest” application on Ulefone and…
-
Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
Qualcomm has shipped security updates to address three zero-day vulnerabilities that it said have been exploited in limited, targeted attacks in the wild. The flaws in question, which were responsibly disclosed to the company by the Google Android Security team, are listed below - CVE-2025-21479 and CVE-2025-21480 (CVSS score: 8.6) – Two incorrect authorization vulnerabilities in the…
-
IBM DataStage Bug Exposes Database Credentials in Plain Text
A recently disclosed vulnerability in IBM InfoSphere DataStage, tracked as CVE-2025-1499, has raised concerns across the enterprise data management sector. The flaw centers on the cleartext storage of sensitive credential information, potentially exposing database authentication details to authenticated users. Below, we break down the technical aspects, impact, and available remediation for this issue. ClearText Storage…
-
Realtek Bluetooth Driver Flaw Allows Attackers to Delete Any File on Windows Systems
A high-severity security vulnerability has been identified in the Realtek Bluetooth Host Controller Interface (HCI) Adaptor, raising significant concerns for device manufacturers and end-users. The flaw, tracked as CVE-2024-11857, was disclosed on June 2, 2025, and published in both the National Vulnerability Database (NVD) and the GitHub Advisory Database within hours of its discovery. This…
-
Critical Denodo Scheduler Flaw Allows Remote Code Execution by Attackers
Denodo, a provider of logical data management software, recently faced a critical security vulnerability in its Denodo Scheduler product. This vulnerability, tracked as CVE-2025-26147, allows authenticated users to perform remote code execution (RCE) on affected systems, posing significant risks to organizations relying on this scheduling tool for data extraction and integration jobs. Introduction to Denodo…
-
Active Exploits Detected Targeting Critical vBulletin Vulnerability
Two critical vulnerabilities, CVE-2025-48827 and CVE-2025-48828, have been assigned to vBulletin, the widely used PHP/MySQL forum software, following public disclosure and observed exploitation in the wild. The flaws, affecting vBulletin versions 5.0.0 through 6.0.3, enable unauthenticated attackers to achieve Remote Code Execution (RCE), putting thousands of online communities at risk. Reflection API Abuse and Template…
-
Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188
Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon. Details of a critical vulnerability, tracked as CVE-2025-20188, impacting Cisco IOS XE WLC are now public, raising the risk of exploitation. In early May, Cisco released software updates to address the vulnerability CVE-2025-20188…
-
New Linux Security Bugs Could Expose Password Hashes Across Millions of Devices
The Qualys Threat Research Unit (TRU) has disclosed two significant local information disclosure vulnerabilities, CVE-2025-5054 and CVE-2025-4598, impacting the core-dump handlers Apport and systemd-coredump on millions of Linux systems. These race-condition vulnerabilities could enable local attackers to extract highly sensitive data, including password hashes, by manipulating the crash reporting mechanisms embedded in popular distributions such…
-
Two flaws in vBulletin forum software are under attack
Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks. Two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, enable API abuse and remote code execution. The experts warn that one of these flaws is actively exploited in the wild. An unauthenticated user could exploit CVE-2025-48827…
-
Exploit details for max severity Cisco IOS XE flaw now public
Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/exploit-details-for-max-severity-cisco-ios-xe-flaw-now-public/
-
New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora
Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to sensitive information. Tools…
-
MICI NetFax Server Flaws Allow Attackers to Execute Remote Code
In a recent security advisory, Rapid7 has disclosed three severe vulnerabilities in MICI Network Co., Ltd’s NetFax Server, affecting all versions before 3.0.1.0. These flaws, CVE-2025-48045, CVE-2025-48046, and CVE-2025-48047, allow attackers to gain root-level access through a chain of authenticated attacks, with default credentials and sensitive information exposed in cleartext. Despite the risks, the vendor…
-
New Apache InLong Vulnerability (CVE-2025-27522) Exposes Systems to Remote Code Execution Risks
A newly disclosed vulnerability, tracked as CVE-2025-27522, has been discovered in Apache InLong, a widely used real-time data streaming platform. The Apache InLong vulnerability introduces the potential for remote code execution (RCE). First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apache-inlong-cve-2025-27522/
-
Next.js Dev Server Vulnerability Leads to Developer Data Exposure
A recently disclosed vulnerability, CVE-2025-48068, has raised concerns among developers using the popular Next.js framework. This flaw, affecting versions 13.0.0 through 15.2.1 when the App Router is enabled, allows attackers to exploit the development server via Cross-site WebSocket Hijacking (CSWSH), potentially exposing sensitive application source code. The issue has been addressed in version 15.2.2, but…
-
Critical Cisco IOS XE Flaw Permits Arbitrary File Upload, PoC Released
A critical security vulnerability, tracked as CVE-2025-20188, has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs), threatening enterprise wireless infrastructures worldwide. This flaw, scoring a maximum 10.0 on the CVSS scale, allows unauthenticated remote attackers to upload arbitrary files and potentially execute commands as root, granting full control over affected devices. The vulnerability…
-
Apache Tomcat CGI Servlet Flaw Enables Security Constraint Bypass
A newly disclosed vulnerability, CVE-2025-46701, has been identified in Apache Tomcat’s CGI servlet, allowing attackers to bypass security constraints under specific conditions. The flaw, announced on May 29, 2025, is rooted in the improper handling of case sensitivity within the pathInfo component of URLs mapped to the CGI servlet. When Tomcat is deployed on a…
-
Over 9,000 Routers Hijacked: ASUS Users Caught in Ongoing Cyber Operation
Over 9,000 ASUS routers were hacked in a stealth cyberattack exploiting CVE-2023-39780. Learn how it works and what ASUS users should do to stay safe. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/asus-routers-hijacked-2025/
-
Apache InLong JDBC Vulnerability Enables Deserialization of Untrusted Data
A moderate-severity vulnerability, tracked as CVE-2025-27522, has been disclosed in Apache InLong, a popular data integration platform. The flaw, affecting versions 1.13.0 through 2.1.0, centers on the deserialization of untrusted data during JDBC (Java Database Connectivity) verification processing. This vulnerability is classified as a secondary mining bypass for the previously reported CVE-2024-26579, indicating that earlier…
-
Windows 11 File Explorer Vulnerability Enables NTLM Hash Theft
A newly disclosed vulnerability, CVE-2025-24071, has been identified in Windows File Explorer, specifically affecting Windows 11 (23H2) and earlier versions that support .library-ms files and the SMB protocol. This flaw enables attackers to capture NTLM (New Technology LAN Manager) authentication hashes simply by tricking a user into extracting a malicious ZIP archive, no further interaction…
-
Critical Argo CD Flaw Exposes Kubernetes Clusters to Full Resource Manipulation
A critical cross-site scripting (XSS) vulnerability, officially tracked as CVE-2025-47933 and GHSA-2hj5-g64g-fp6p, has been identified in Argo CD, a widely used open-source GitOps tool for Kubernetes. This flaw affects the repository URL handling mechanism in the Argo CD user interface, specifically due to improper validation of URL protocols in the ui/src/app/shared/components/urls.ts file. Attackers can exploit…
-
DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints
The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider’s (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It’s believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that were…
-
BSidesLV24 PasswordsCon CVE Hunting: Wi-Fi Routers, OSINT ‘The Tyranny Of The Default’
Author/Presenter: Actuator. Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-passwordscon-cve-hunting-wi-fi-routers-osint-the-tyranny-of-the-default/
-
XenServer Windows VM Tools Flaw Enables Attackers to Run Arbitrary Code
Citrix has issued a high-severity security bulletin addressing multiple vulnerabilities, CVE-2025-27462, CVE-2025-27463, and CVE-2025-27464, affecting XenServer VM Tools for Windows. These vulnerabilities allow attackers with the ability to execute arbitrary unprivileged code within a guest Windows VM to escalate privileges and compromise that VM. The affected platforms include Windows VMs running on XenServer 8.4 and…
-
Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware
A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft Content Management System (CMS) to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. The vulnerability in question is CVE-2025-32432, a maximum severity flaw in Craft CMS that was patched in…
-
251 Amazon-Hosted IPs Used in Exploit Scan Targeting ColdFusion, Struts, and Elasticsearch
Cybersecurity researchers have disclosed details of a coordinated cloud-based scanning activity that targeted 75 distinct “exposure points” earlier this month. The activity, observed by GreyNoise on May 8, 2025, involved as many as 251 malicious IP addresses that are all geolocated to Japan and hosted by Amazon. “These IPs triggered 75 distinct behaviors, including CVE exploits, First…
-
Not Every CVE Deserves a Fire Drill: Focus on What’s Exploitable
Not every “critical” vulnerability is a critical risk. Picus Exposure Validation cuts through the noise by testing what’s actually exploitable in your environment, so you can patch what matters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/not-every-cve-deserves-a-fire-drill-focus-on-whats-exploitable/
-
CVE Uncertainty Underlines Importance of Cyber Resilience
Organizations need to broaden their strategy to manage vulnerabilities more effectively and strengthen network cyber resilience. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/cve-uncertainty-underlines-importance-cyber-resilience

