Tag: cvss
-
Two CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial Control
Cybersecurity researchers have disclosed two critical security flaws impacting Red Lion Sixnet remote terminal unit (RTU) products that, if successfully exploited, could result in code execution with the highest privileges. The shortcomings, tracked as CVE-2023-40151 and CVE-2023-42770, are both rated 10.0 on the CVSS scoring system. "The vulnerabilities affect Red Lion SixTRAK and VersaTRAK… First seen on…
-
New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
SAP has rolled out security fixes for 13 new security issues, including additional hardening for a maximum-severity bug in SAP NetWeaver AS Java that could result in arbitrary command execution. The vulnerability, tracked as CVE-2025-42944, carries a CVSS score of 10.0. It has been described as a case of insecure deserialization. "Due to a deserialization vulnerability in…
-
Elastic Cloud Enterprise Flaw Lets Attackers Run Malicious Commands
Elastic has released a critical security update for Elastic Cloud Enterprise (ECE) addressing a template engine injection flaw that could allow attackers with admin privileges to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-2025-37729 and rated CVSS 9.1 (Critical), the issue affects ECE versions 2.5.0 through 3.8.1 and 4.0.0 through 4.0.1. Users are…
-
Oracle E-Business Suite Flaw Enables Remote Code Execution and Data Theft
Oracle has issued a critical security alert for a severe vulnerability in its E-Business Suite platform that could allow attackers to execute remote code and steal sensitive data without requiring authentication. The flaw, identified as CVE-2025-61884, affects multiple versions of the widely used enterprise software and has been assigned a CVSS score of 7.5, indicating high…
-
GitHub Copilot Flaw Allows Attackers to Steal Source Code from Private Repositories
A critical weakness in GitHub Copilot Chat discovered in June 2025 exposed private source code and secrets to attackers. Rated CVSS 9.6, the vulnerability combined a novel Content Security Policy bypass with remote prompt injection. By embedding hidden prompts in pull requests, attackers could exfiltrate private repository data and control Copilot’s responses, including injecting malicious…
-
AWS Client VPN for macOS Hit by Critical Privilege Escalation Vulnerability
Amazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during log rotation. (Summary table, columns: CVE ID, Affected Products, Impact, Exploit Prerequisites, CVSS 3.1 Score; row for CVE-2025-11462: AWS Client VPN Client…)
-
Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution
Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via use-after-free. Attackers need authenticated access to exploit it. Redis disclosed a critical RCE bug, tracked as CVE-2025-49844 (also known as “RediShell”, with a CVSS score of 10.0), where a malicious Lua script can exploit the garbage collector to trigger a use-after-free vulnerability and enable…
-
#RediShell: Redis/Valkey Get ‘Perfect 10’ Critical RCE Vuln
Redis hell: CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/redis-valkey-redishell-richixbw/
-
Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft
Latest reports suggest the critical GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately. First seen on hackread.com Jump to article: hackread.com/medusa-ransomware-goanywhere-mft-flaw-microsoft/
-
Patch Now: ‘RediShell’ Threatens Cloud Via Redis RCE
A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover, and more than 300k instances are currently exposed. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/patch-now-redishell-redis-rce
-
13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. "An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,…
-
GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware
A critical zero-day vulnerability in GoAnywhere MFT's License Servlet is being actively exploited to deploy Medusa ransomware. On September 18, 2025, Fortra released an advisory disclosing CVE-2025-10035, a deserialization flaw with a perfect CVSS score of 10.0. Threat actors tracked as Storm-1175 have abused this issue to gain remote code execution (RCE) on exposed systems,…
-
13-Year-Old Redis RCE Flaw Lets Attackers Seize Complete Host Control
A remote code execution vulnerability discovered in Redis, the widely used in-memory data structure store, has sent shockwaves through the cybersecurity community. The flaw, designated CVE-2025-49844 and dubbed "RediShell"…
-
Cl0p Exploits Vulnerability in Oracle Software
The Cl0p gang is exploiting a zero-day vulnerability in Oracle software for cyberattacks. Oracle has released an emergency update to fix a critical security hole in its E-Business Suite (EBS). The flaw, identified as CVE-2025-61882, has a CVSS score of 9.8 and was already exploited in Cl0p's most recent wave of data theft. The vulnerability concerns an unspecified bug,…
-
Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers
Oracle fixed a critical flaw (CVE-2025-61882, CVSS 9.8) in E-Business Suite that is actively exploited by the Cl0p cybercrime group. Oracle released an emergency patch to address a critical vulnerability, tracked as CVE-2025-61882 (CVSS 9.8), in its E-Business Suite. "Updated [10/04/2025]: Oracle has issued Oracle Security Alert Advisory CVE-2025-61882 to provide updates against additional potential exploitation that were discovered during our investigation.
-
Critical Zero-Day in Oracle E-Business Suite Prompts Urgent Security Updates
Oracle has issued a security alert warning users of a zero-day vulnerability in its widely used Oracle E-Business Suite. Tracked as CVE-2025-61882, this flaw allows unauthenticated, remote attackers to execute arbitrary code on affected systems. The vulnerability carries a CVSS v3.1 base score of 9.8, making it one of the most critical threats to the…