Tag: cvss
-
High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking
A critical stored cross-site scripting (XSS) vulnerability in Ivanti Endpoint Manager (EPM) enables unauthenticated attackers to hijack administrator sessions by injecting malicious JavaScript into the management dashboard. The vulnerability, identified as CVE-2025-10573 with a CVSS score of 9.6, affects all versions below EPM 2024 SU4 SR1 and poses an immediate threat to enterprise environments managing…
-
High-Risk Ivanti EPM Vulnerability Opens Door to Admin Session Hijacking
A critical stored cross-site scripting (XSS) vulnerability in Ivanti Endpoint Manager (EPM) enables unauthenticated attackers to hijack administrator sessions by injecting malicious JavaScript into the management dashboard. The vulnerability, identified as CVE-2025-10573 with a CVSS score of 9.6, affects all versions below EPM 2024 SU4 SR1 and poses an immediate threat to enterprise environments managing…
-
Angriffe auf React RCE-Schwachstelle (CVE-2025-55182)
In den React Server Components gibt es eine kritische RCE-Schwachstelle (CVE-2025-55182) mit einem CVSS-Score von 10.0. Das ist seit einigen Tagen bekannt. Nun laufen massive Angriffswellen gegen verwundbare Webseiten und viele Firmenauftritte wurden bereits gehackt. React RCE-Schwachstelle (CVE-2025-55182) React ist … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/09/angriffe-auf-react-rce-schwachstelle-cve-2025-55182/
-
Remote Code Execution und CVSS 10.0 – React Schwachstelle öffnet Angreifern den Weg zu Web-Apps
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-react-server-komponenten-nextjs-apps-a-8f3cd6d728f03f2513394f131fa15210/
-
Remote Code Execution und CVSS 10.0 – React Schwachstelle öffnet Angreifern den Weg zu Web-Apps
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-react-server-komponenten-nextjs-apps-a-8f3cd6d728f03f2513394f131fa15210/
-
Warnung von Apache vor kritischer Schwachstelle in Tika-Modul
Zum 4. Dezember 2025 haben die Apache-Software-Foundation vor einer kritischer Schwachstelle im Tika-Modul gewarnt. Der Schwachstelle CVE-2025-66516 wurde ein CVSS-Score von 10.0 (höchster Wert) zugewiesen. Tika erkennt und extrahiert Metadaten aus über 1.000 verschiedenen Dateiformaten. In der Mitteilung CVE-2025-66516: Apache Tika … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/07/warnung-von-apache-vor-kritischer-schwachstelle-in-tika-modul/
-
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code
A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked asCVE-2025-55182and dubbed >>React2Shell,
-
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code
A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked asCVE-2025-55182and dubbed >>React2Shell,
-
2.15M Next.js Web Services Exposed Online, Active Attacks Reported Update Immediately
Security teams worldwide are rushing to patch systems after the disclosure of a critical React vulnerability, CVE-2025-55182, widely known as “React2Shell.” The flaw affects React Server Components (RSC) and has a maximum CVSS score of 10, the highest possible rating, signaling critical impact and ease of exploitation. Censys telemetry shows that more than 2.15 million internet”‘facing services are…
-
2.15M Next.js Web Services Exposed Online, Active Attacks Reported Update Immediately
Security teams worldwide are rushing to patch systems after the disclosure of a critical React vulnerability, CVE-2025-55182, widely known as “React2Shell.” The flaw affects React Server Components (RSC) and has a maximum CVSS score of 10, the highest possible rating, signaling critical impact and ease of exploitation. Censys telemetry shows that more than 2.15 million internet”‘facing services are…
-
Maximum-severity XXE vulnerability discovered in Apache Tika
A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it lets attackers trigger an XXE injection in Apache Tika’s core, PDF, and parser modules. An attacker can embed a malicious XFA file inside a PDF and…
-
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack.The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity.”Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an First seen…
-
China-Nexus Hackers Exploiting React2Shell Vulnerability in Active Attacks
Within hours of the public disclosure of CVE-2025-55182 on December 3, 2025, Amazon threat intelligence teams detected active exploitation attempts from multiple China-nexus threat groups, including Earth Lamia and Jackpot Panda. This critical vulnerability in React Server Components carries a maximum CVSS score of 10.0 and poses an immediate threat to organizations running vulnerable versions…
-
CVSS 10.0 – Identitätsdiebstahl und Rechteausweitung in Grafana
Tags: cvssFirst seen on security-insider.de Jump to article: www.security-insider.de/grafana-sicherheitsluecke-tipps-updates-a-1c3890a8f70e6296806d6b2a9ef4dfd7/
-
Windows shortcuts’ use as a vector for malware may be cut short
Windows shortcut files (.lnk) have long been a convenient hiding place for attackers because Windows Explorer only displayed the first 260 characters of the command in a shortcut’s properties. Anything appended after a long string of spaces stayed invisible to the user.The issue is tracked as CVE-2025-9491, with security analysts assigning a high-severity CVSS rating…
-
Kritische Schwachstelle in React (und Next.js)
In den React Server Components gibt es eine kritische RCE-Schwachstelle (CVE-2025-55182) mit einem CVSS-Score von 10.0. Die Schwachstelle hat nicht nur Auswirkungen auf die React Server Components (ein JavaScript-Framework zur Entwicklung von Web-Komponenten), sondern auch auf Next.js. React ist eine JavaScript-Programmbibliothek … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/04/kritische-schwachstelle-in-react-und-next-js/
-
Critical React Flaw Triggers Calls for Immediate Action
The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/critical-react-flaw-triggers-immediate-action
-
PoC Released for Outlook “MonikerLink” RCE Flaw Allowing Remote Code Execution
Security researchers have released a proof-of-concept (PoC) exploit for CVE-2024-21413, a critical remote code execution vulnerability in Microsoft Outlook dubbed >>MonikerLink.
-
Windows-Schwachstelle CVE-2025-59287 wird für ShadowPad-Malware-Verteilung per WSUS genutzt
In Windows Server gab es eine mit einem CVSS Score von 9.8 bewertete kritische RCE-Schwachstelle CVE-2025-59287 im WSUS-Teil, mit dem sich die Systeme übernehmen lassen. Die Schwachstelle wurde im Oktober 2025 mit Sicherheitsupdates geschlossen. Nun gibt es Berichte, dass Angreifer … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/28/windows-schwachstelle-cve-2025-59287-wird-fuer-shadowpad-malware-verteilung-per-wsus-genutzt/
-
NVIDIA DGX Spark Flaws Allow Attackers to Run Malicious Code and Launch DoS Attacks
NVIDIA has released security updates to address fourteen critical vulnerabilities in its DGX Spark system. These flaws could allow attackers to execute malicious code, steal sensitive information, and launch denial-of-service attacks that crash the system. The vulnerabilities affect all versions of NVIDIA DGX OS before the latest OTA0 update. CVE ID Severity CVSS Score Potential…
-
NVIDIA DGX Spark Flaws Allow Attackers to Run Malicious Code and Launch DoS Attacks
NVIDIA has released security updates to address fourteen critical vulnerabilities in its DGX Spark system. These flaws could allow attackers to execute malicious code, steal sensitive information, and launch denial-of-service attacks that crash the system. The vulnerabilities affect all versions of NVIDIA DGX OS before the latest OTA0 update. CVE ID Severity CVSS Score Potential…
-
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…
-
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…
-
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…
-
Windows 11 24H2/Windows Server 2025: ZScaler über kritischen Grafik-Bug CVE-2025-50165
In Windows 11 24H2 sowie in Windows Server 2025 gab es eine kritische Schwachstelle CVE-2025-50165 in den Windows Grafik-Komponenten. Die im August 2025 geschlossene Schwachstelle ist mit einem CVSS 3.1-Score von 9,8 bewertet worden und ermöglichte eine Remote Code Execution … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/23/windows-11-24h2-windows-server-2025-zscaler-ueber-kritischen-grafik-bug-cve-2025-50165/
-
Critical Grafana Flaw Lets Attackers Escalate Privileges
Grafana Labs has released critical security patches addressing a severe vulnerability in its SCIM provisioning feature that could allow attackers to escalate privileges or impersonate users. The flaw, tracked as CVE-2025-41115 with a CVSS score of 10.0 (Critical), affects Grafana Enterprise versions 12.0.0 through 12.2.1 under specific configurations. Organizations using affected versions should update immediately…