Tag: cvss
-
Critical NVIDIA Container Toolkit Flaw Allows Privilege Escalation on AI Cloud Services
Cybersecurity researchers have disclosed a critical container escape vulnerability in the NVIDIA Container Toolkit that could pose a severe threat to managed AI cloud services.The vulnerability, tracked as CVE-2025-23266, carries a CVSS score of 9.0 out of 10.0. It has been codenamed NVIDIAScape by Google-owned cloud security company Wiz.”NVIDIA Container Toolkit for all platforms contains…
-
New Cisco Bugs Rated CVSS 10.0, Patch Immediately
Cisco has issued a new security advisory warning of newly discovered vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), revealing serious security flaws that could allow remote, unauthenticated attackers to execute arbitrary code on targeted systems with root privileges. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisco-cve-2025-20337-and-ise-pic-flaws/
-
Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity
Cisco warns of CVE-2025-20337, a critical ISE flaw (CVSS 10) allowing remote code execution with root privileges. Cisco addressed a critical vulnerability, tracked as CVE-2025-20337 (CVSS score of 10), in Identity Services Engine (ISE) and Cisco Identity Services Engine Passive Identity Connector (ISE-PIC). An attacker could trigger the vulnerability to execute arbitrary code on the…
-
Cisco Unified Intelligence Center Flaw Lets Remote Attackers Upload Arbitrary Files
A critical security vulnerability has been discovered in Cisco’s Unified Intelligence Center that allows authenticated remote attackers to upload arbitrary files to affected systems, potentially enabling complete system compromise. The flaw, tracked as CVE-2025-20274, carries a CVSS score of 6.3 and has been assigned a High security impact rating by Cisco due to the potential…
-
Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code
Cisco has disclosed a new maximum-severity security vulnerability impacting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could permit an attacker to execute arbitrary code on the underlying operating system with elevated privileges.Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281, which was patched…
-
VMware ESXi and Workstation Vulnerabilities Allow Host-Level Code Execution
Broadcom disclosed four critical vulnerabilities in VMware’s virtualization suite on July 15, 2025, enabling attackers to escape virtual machines and execute code directly on host systems. The flaws, discovered through the Pwn2Own competition, affect ESXi, Workstation, Fusion, and VMware Tools across enterprise and desktop environments. Vulnerability Overview CVE ID Component Vulnerability Type CVSS Score Impact…
-
PoC Released for High-Severity Git CLI Vulnerability Allowing Arbitrary File Writes
A critical vulnerability in Git’s command-line interface has been disclosed with public proof-of-concept exploits available, allowing arbitrary file writes and remote code execution on Linux and macOS systems. CVE-2025-48384 affects Git installations usinggit clone recursiveon weaponized repositories, exploiting improper handling of carriage return characters in.gitmodulesfiles to bypass security controls. Field Details CVE ID CVE-2025-48384 CVSS…
-
CVSS 10 RCE in Wing FTP exploited within 24 hours, security researchers warn
Intruders looked up how to use curl mid-attack – rookie errors kept damage minimal First seen on theregister.com Jump to article: www.theregister.com/2025/07/11/1010_wing_ftp_bug_exploited/
-
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances.Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0.”An improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability [CWE-89]…
-
Severe WordPress Plugin Flaw Puts 200,000 Sites at Risk of Full Takeover
A critical arbitrary file deletion vulnerability has been discovered in the SureForms WordPress plugin, affecting over 200,000 active installations and potentially enabling unauthenticated attackers to achieve full site takeover. The flaw, tracked as CVE-2025-6691 with a CVSS score of 8.8 (High), resides in versions up to 1.7.3 of the plugin, which is developed by Brainstorm…
-
Palo Alto Networks GlobalProtect Vulnerability Enabling Root-Level Access
Palo Alto Networks has disclosed a significant security vulnerability in its Autonomous Digital Experience Manager software that could allow attackers to gain root-level access on macOS systems. The vulnerability, tracked as CVE-2025-0139, affects versions 5.6.0 through 5.6.6 of the software and has been assigned a CVSS base score of 6.3, though the company’s internal scoring…
-
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands.The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0.”The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it First seen…
-
AMD discloses new CPU flaws that can enable data leaks via timing attacks
Tags: access, attack, crowdstrike, cve, cvss, data, exploit, firmware, flaw, guide, leak, malware, microsoft, mitigation, risk, side-channel, strategy, supply-chain, threat, update, vulnerability, windowsCrowdStrike elevates threat classification despite CVSS scores: While AMD rates the vulnerabilities as medium and low severity based on attack complexity requirements, CrowdStrike has independently classified them as critical enterprise threats. The security firm specifically flagged CVE-2025-36350 and CVE-2025-36357 as “Critical information disclosure vulnerabilities in AMD processors,” despite both carrying CVSS scores of just 5.6.According…
-
Critical mcp”‘remote Vulnerability Enables LLM Clients to Remote Code Execution
The JFrog Security Research team has discovered a critical security vulnerability in mcp-remote, a widely used tool that enables Large Language Model clients to communicate with remote servers, potentially allowing attackers to achieve full system compromise through remote code execution. Severe Security Flaw Affects Popular AI Tool CVE-2025-6514, rated with a critical CVSS score of…
-
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity
Tags: access, attack, authentication, business, citrix, computer, control, credentials, cve, cvss, data, email, espionage, exploit, grc, microsoft, monitoring, network, ransomware, remote-code-execution, risk, sap, service, threat, update, vulnerability, windowsNetwork security: Allow PKU2U authentication requests to this computer to use online identities“.Tyler Reguly, Fortra’s associate director of security R&D, told CSO that, based on Microsoft’s presentation of the information, disabling this GPO will mitigate this vulnerability.The second priority is a fix for CVE-2025-49704, a SharePoint Remote Code Execution vulnerability, because it presents a critical risk to a…
-
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity
Tags: access, attack, authentication, business, citrix, computer, control, credentials, cve, cvss, data, email, espionage, exploit, grc, microsoft, monitoring, network, ransomware, remote-code-execution, risk, sap, service, threat, update, vulnerability, windowsNetwork security: Allow PKU2U authentication requests to this computer to use online identities“.Tyler Reguly, Fortra’s associate director of security R&D, told CSO that, based on Microsoft’s presentation of the information, disabling this GPO will mitigate this vulnerability.The second priority is a fix for CVE-2025-49704, a SharePoint Remote Code Execution vulnerability, because it presents a critical risk to a…
-
PoC Exploits Released for CitrixBleed2: 127 Bytes Exfiltrated Per Request
Security researchers have released proof-of-concept exploits forCVE-2025-5777, a critical vulnerability in Citrix NetScaler ADC and Gateway devices dubbed >>CitrixBleed2.
-
How a 12-year-old bug in Sudo is still haunting Linux users
Sudo is trusting the wrong host: CVE-2025-32462, which remained unnoticed for over 12 years, requires a specific, but common configuration of restricting Sudo rules to certain hostnames or hostname patterns.According to the researchers, the sudoers file uses flexible syntax to suit any organization size, allowing a single configuration to work across Linux and UNIX systems…
-
Cisco Issues Emergency Fix for Critical Root Credential Flaw in Unified CM
Cisco fixes critical root credential vulnerability in Unified CM rated CVSS 10 urging users to patch now to stop remote admin takeovers. First seen on hackread.com Jump to article: hackread.com/cisco-emergency-fix-critical-root-credential-flaw-unified-cm/
-
Cisco Issues Urgent Patch for Critical Unified CM Vulnerability (CVE-2025-20309)
Cisco has issued a new security advisory addressing a severe vulnerability in its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The flaw, now identified as CVE-2025-20309, carries the highest possible CVSS score of 10.0. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisco-patches-cve-2025-20309-vulnerability/
-
Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges.The vulnerability, tracked as CVE-2025-20309, carries a CVSS…
-
Maximaler CVSS-Score – Warnung vor enorm kritischen Cisco-Schwachstellen
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-schwachstellen-cisco-ise-ise-pic-sicherheitsupdates-a-caa17fe2e6d25482d8c1eb5b8e84da99/
-
Auf der Suche nach Alternativen zum CVE-Programm
Tags: advisory, ceo, cisa, cve, cvss, cyber, cyersecurity, exploit, github, google, group, infrastructure, intelligence, kev, microsoft, nist, nvd, open-source, oracle, ransomware, resilience, risk, siem, soar, software, supply-chain, threat, tool, update, vulnerability, vulnerability-management, zero-daySollte das CVE-Programm eingestellt werden, wäre die Bewertung und Behebung von Sicherheitslücken schwieriger.Der jüngste kurze Panikausbruch wegen der möglichen Einstellung des Common Vulnerabilities and Exposures (CVE)-Programms hat die starke Abhängigkeit der Sicherheitsbranche von diesem Programm deutlich gemacht. Er führte zu Diskussionen über Notfallstrategien , falls das standardisierte System zur Identifizierung und Katalogisierung von Schwachstellen nicht…
-
Over 600K WordPress Sites at Risk Due to Critical Plugin Vulnerability
A critical security flaw in the popular Forminator WordPress plugin has put more than600,000 websitesworldwide at risk of remote takeover, according to recent disclosures from security firm Wordfence and independent researchers. The vulnerability, tracked as CVE-2025-6463 and rated 8.8 (High) on the CVSS scale, allows unauthenticated attackers to delete arbitrary files from affected servers”, potentially leading to full site…
-
Anthropic MCP Inspector Vulnerability Lets Hackers Run Arbitrary Code Remotely
A newly disclosed vulnerability in Anthropic’s Model Context Protocol (MCP) Inspector tool has sent shockwaves through the AI development community, exposing a critical attack vector that could allow hackers to execute arbitrary code on developers’ machines”, simply by luring them to a malicious website. CVE-2025-49596: A Critical Threat Tracked as CVE-2025-49596 and carrying a CVSS…
-
Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits
Tags: access, ai, cve, cvss, cybersecurity, exploit, intelligence, remote-code-execution, vulnerabilityCybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic’s Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts.The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of 10.0.”This…
-
IBM Cloud Pak Vulnerabilities Allow HTML Injection by Remote Attackers
Multiple security vulnerabilities in IBM Cloud Pak System enable remote attackers to execute HTML injection attacks, potentially compromising user data and system integrity. These flaws, detailed in recent IBM security bulletins, affect various versions of the platform and expose organizations to cross-site scripting (XSS) and prototype pollution attacks. CVE ID Description CVSS Score CVE-2025-2895 HTML…
-
Hackers Leverage Critical Langflow Flaw to Deploy Flodrix Botnet and Seize System Control
Tags: ai, botnet, control, cve, cvss, cyber, cyberattack, exploit, flaw, framework, hacker, rce, remote-code-execution, vulnerabilityA sophisticated cyberattack campaign has emerged, exploiting a critical vulnerability in Langflow, a widely-used Python-based framework for building AI applications, to deploy the destructive Flodrix botnet. Identified as CVE-2025-3248 and carrying a near-perfect CVSS score of 9.8, this unauthenticated remote code execution (RCE) flaw impacts Langflow versions prior to 1.3.0. Unveiling a Severe RCE Vulnerability…
-
Gefährliche Lücke in Brother-Druckern
Tags: access, authentication, bug, ceo, cve, cvss, cybersecurity, data-breach, firmware, jobs, network, service, update, vulnerability, wifiEine Schwachstelle in Brother-Druckern zur Umgehung der Authentifizierung kann mit einer anderen Lücke gekoppelt werden, um Code auf den betroffenen Geräten remote auszuführen.Brother Industries hat mit einer kritischen Sicherheitslücke zu kämpfen, die Hunderte verschiedener Druckermodelle betrifft. Diese Schwachstelle ermöglicht in Verbindung mit einer weiteren Lücke die Ausführung von nicht authentifiziertem Remote-Code (RCE) auf den Geräten.Das…