Tag: cve
-
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. “This vulnerability is due to the presence of a hard-coded JSON…
-
Security update causes new problem for Windows Hello for Business authentication
Tags: advisory, authentication, business, credentials, cve, flaw, identity, login, microsoft, update, vulnerability, windows
…fixing vulnerabilities, of which CVE-2025-26647, the flaw addressed by the buggy fix, was serious enough to warrant immediate attention. But Windows environments are varied, and exceptions arise, especially in relation to the complex subject of authentication. In some cases, the fix for a vulnerability can cause new problems that Microsoft only detects when customers shout about…
-
Google Rolls Out May 2025 Android Security Bulletin, Fixes 46 Vulnerabilities Including CVE-2025-27363
Google has published its Android Security Bulletin for May 2025, delivering critical updates to the Android ecosystem. This monthly update resolves 46 vulnerabilities, one of which, CVE-2025-27363, has already been exploited in the wild. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/android-security-bulletin-2/
-
U.S. CISA adds FreeType flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a FreeType flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. In mid-March, Meta warned that the out-of-bounds write vulnerability CVE-2025-27363 may have been actively exploited in attacks. “An out…
-
Researcher Says Patched Commvault Bug Still Exploitable
CISA added CVE-2025-34028 to its catalog of known exploited vulnerabilities, citing active attacks in the wild. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/researcher-patched-commvault-bug-exploitable
-
Samsung MagicINFO flaw exploited days after PoC exploit publication
Threat actors started exploiting a vulnerability in Samsung MagicINFO only days after a PoC exploit was published. Arctic Wolf researchers observed threat actors beginning to exploit a high-severity vulnerability, tracked as CVE-2024-7399 (CVSS score: 8.8), in the Samsung MagicINFO content management system (CMS) just days after proof-of-concept (PoC) exploit code was publicly released. The vulnerability…
-
Apache Parquet exploit tool detects servers vulnerable to critical flaw
A proof-of-concept exploit has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apache-parquet-exploit-tool-detect-servers-vulnerable-to-critical-flaw/
-
Experts warn of a second wave of attacks targeting SAP NetWeaver bug CVE-2025-31324
Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability. In April, ReliaQuest researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader…
-
U.S. CISA adds Langflow flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Langflow flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2025-3248 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Langflow is a popular tool used for building agentic AI workflows. CVE-2025-3248 is a…
-
Vulnerability in SAP NetWeaver Visual Composer allows cybercriminals to execute remote code
A critical file-upload vulnerability with a CVSS score of 10.0 affects the Metadata Uploader component of SAP NetWeaver Visual Composer. As a particularly serious security hole, the vulnerability CVE-2025-31324 combines several very large risk factors: it carries the maximum CVSS score, requires no authentication, affects a product widely deployed in many large enterprises, and has already been actively used for remote code execution…
-
Android Security Update: A Critical RCE Vulnerability Actively Exploited in the Wild
Google has released critical security patches for Android devices to address 57 vulnerabilities across multiple subsystems, including an actively exploited remote code execution flaw tracked as CVE-2025-27363. The May 2025 security bulletin confirms this high-severity vulnerability in Android’s System component enables local code execution without requiring additional privileges or user interaction. Devices running Android 13…
-
Google fixed actively exploited Android flaw CVE-2025-27363
Google addressed 46 Android security vulnerabilities, including one issue that has been exploited in attacks in the wild. Google’s monthly security updates for Android addressed 46 flaws, including a high-severity vulnerability, tracked as CVE-2025-27363 (CVSS score of 8.1), that has been exploited in the wild. The company did not disclose any details regarding the attacks…
-
What a future without CVEs means for cyber defense
The importance of the MITRE-run Common Vulnerabilities and Exposures (CVE) Program shouldn’t be understated. For 25 years, it has acted as the point of reference for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/06/cve-program-foundation/
-
Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges. “The…
-
Google Fixes Actively Exploited Android System Flaw in May 2025 Security Update
Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges. “The…
-
Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
Tags: cisa, cve, cvss, cybersecurity, exploit, flaw, infrastructure, kev, open-source, vulnerability
A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. “Langflow contains a missing First…
-
CVE-2025-32433 affects all versions up to OTP 27.3.2: 10-rated vulnerability in Erlang/OTP SSH
First seen on security-insider.de Jump to article: www.security-insider.de/ssh-fehler-erlang-otp-schwachstelle-cve-2025-32433-a-4cba6a51c11e40adcc3059ac36909de6/
-
Commvault CVE-2025-34028 Added to CISA KEV After Active Exploitation Confirmed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a maximum-severity security flaw impacting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog, a little over a week after it was publicly disclosed. The vulnerability in question is CVE-2025-34028 (CVSS score: 10.0), a path traversal bug that affects 11.38 Innovation Release, from versions First…
-
Multiple Flaws in Tenda RX2 Pro Let Attackers Gain Admin Access
Security researchers have uncovered a series of critical vulnerabilities in the Tenda RX2 Pro Dual-Band Gigabit Wi-Fi 6 Router (Firmware V16.03.30.14), which could allow remote attackers to gain administrative access and, in many cases, full root shell on the device. Despite the notification, Tenda has not responded, and no patches are available. Eleven separate CVEs…
-
Apache Parquet Java Vulnerability CVE-2025-46762 Exposes Systems to Remote Code Execution Attacks
A vulnerability has been identified in Apache Parquet Java which could leave systems exposed to remote code execution (RCE) attacks. Apache Parquet contributor Gang Wu discovered this flaw, tracked as CVE-2025-46762, in the parquet-avro module and publicly disclosed it on May 2. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apache-parquet-java-flaw-cve-2025-46762/
-
Fix opens a new attack surface – problems with the Windows update for CVE-2025-21204
First seen on security-insider.de Jump to article: www.security-insider.de/patch-fuer-windows-schwachstelle-cve-2025-21204-oeffnet-neue-sicherheitsluecke-a-6d760f47ac11f9497d34d3e83e279b15/
-
watchTowr Warns of Active Exploitation of SonicWall SMA 100 Devices
watchTowr reveals active exploitation of SonicWall SMA 100 vulnerabilities (CVE-2024-38475 & CVE-2023-44221) potentially leading to full system takeover… First seen on hackread.com Jump to article: hackread.com/watchtowr-exploits-target-sonicwall-sma-100-devices/
-
CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221
The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding two vulnerabilities, CVE-2024-38475 and CVE-2023-44221, that are currently being actively exploited. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-adds-cve-2024-38475-and-cve-2023-44221/
-
Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)
Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/02/sonicwall-cve-2024-38475-cve-2023-44221-exploited/
-
How to Automate CVE and Vulnerability Advisory Response with Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition.A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories…
-
NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code
NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in its popular TensorRT-LLM framework, urging all users to update to the latest version (0.18.2) to safeguard their systems against potential attacks. Overview of the Vulnerability The vulnerability, identified as CVE-2025-23254, affects all versions of the NVIDIA TensorRT-LLM framework before 0.18.2 across…
-
CISA Issues Alert on Actively Exploited Apache HTTP Server Escape Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a newly discovered and actively exploited vulnerability in the widely used Apache HTTP Server. The flaw, catalogued as CVE-2024-38475, affects the server’s mod_rewrite module and poses significant risks to organizations worldwide. Details of the Vulnerability: CVE-2024-38475 is classified as an “improper escaping…
-
Critical Vulnerabilities and Top CVEs of April 2025
Some vulnerabilities make headlines. Others quietly become someone’s worst day at work. The critical CVEs 2025 that surfaced in April weren’t just technical flaws, they were real entry points. Into… The post Critical Vulnerabilities and Top CVEs of April 2025 appeared first on Strobes Security. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/05/critical-vulnerabilities-and-top-cves-of-april-2025/
-
Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code
A high-severity security flaw in Tesla’s Model 3 vehicles, disclosed at the 2025 Pwn2Own hacking competition, allows attackers to execute malicious code remotely via the vehicle’s Tire Pressure Monitoring System (TPMS). The vulnerability, now patched, highlights growing risks in automotive cybersecurity. Details: CVE ID: CVE-2025-2082; CVSS Score: 7.5 (High); Attack Vector: Adjacent Network […]…