Tag: cvss
-
CVE-2025-20188: Cisco Fixes 10.0-Rated Wireless Controller Flaw
Cisco has rolled out software patches to address a severe security vulnerability, tracked as CVE-2025-20188, in its IOS XE Wireless Controller software. The flaw, which has been assigned the highest possible CVSS score of 10.0, could allow unauthenticated remote attackers to gain full root access on affected systems.
-
Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON…
-
Severe Kibana Flaw Allowed Attackers to Run Arbitrary Code
A newly disclosed security vulnerability in Elastic's Kibana platform has put thousands of businesses at risk, with attackers able to execute arbitrary code on vulnerable systems. The flaw, identified as CVE-2025-25014, carries a critical CVSS score of 9.1, underscoring the urgency for organizations to update their deployments immediately. Elastic, the company behind Kibana, announced [ESA-2025-07] a critical…
-
‘Easily Exploitable’ Langflow Vulnerability Requires Immediate Patching
The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder. First seen on darkreading.com. Jump to article: www.darkreading.com/vulnerabilities-threats/easily-exploitable-langflow-vulnerability-patching
-
Vulnerability in SAP NetWeaver Visual Composer Lets Cybercriminals Execute Remote Code
A critical file-upload vulnerability with a CVSS score of 10.0 affects the Metadata Uploader component of SAP NetWeaver Visual Composer. As a particularly severe security hole, CVE-2025-31324 combines several very large risk factors: it carries the maximum CVSS score, requires no authentication, affects a product widely deployed in many large enterprises, and has already been actively used for remote code execution…
-
Critical Langflow Flaw Added to CISA KEV List Amid Ongoing Exploitation Evidence
A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. "Langflow contains a missing…
-
CVSS 10 Vulnerability in Erlang/OTP SSH: CVE-2025-32433 Affects All Versions up to OTP 27.3.2
First seen on security-insider.de. Jump to article: www.security-insider.de/ssh-fehler-erlang-otp-schwachstelle-cve-2025-32433-a-4cba6a51c11e40adcc3059ac36909de6/
-
Tesla Model 3 VCSEC Vulnerability Lets Hackers Run Arbitrary Code
A high-severity security flaw in Tesla's Model 3 vehicles, disclosed at the 2025 Pwn2Own hacking competition, allows attackers to execute malicious code remotely via the vehicle's Tire Pressure Monitoring System (TPMS). The vulnerability, now patched, highlights growing risks in automotive cybersecurity. Key details: CVE ID: CVE-2025-2082; CVSS score: 7.5 (High); attack vector: Adjacent Network […]…
-
Apache ActiveMQ Vulnerability Lets Remote Hackers Execute Arbitrary Code
A high-severity vulnerability in Apache ActiveMQ's .NET Message Service (NMS) library has been uncovered, enabling remote attackers to execute arbitrary code on unpatched systems. Tracked as CVE-2025-29953, this flaw carries a high CVSS score of 8.1 and impacts all versions of ActiveMQ NMS before the latest security update. Vulnerability Overview: The flaw resides in the Body accessor method of…
-
Google Chrome Vulnerability Allows Attackers to Bypass Sandbox Restrictions Technical Details Revealed
A severe vulnerability, identified as CVE-2025-2783, has been discovered in Google Chrome, specifically targeting the Mojo inter-process communication (IPC) component on Windows systems. This high-impact flaw, with a CVSS score of 8.8, stems from improper handle validation and management within Mojo, enabling remote attackers to craft malicious payloads that, when triggered through user interaction like…
-
Breaking Down CVE-2025-31324 A Clear Threat to SAP Business Operations
When a vulnerability is rated 9.9 out of 10 on the CVSS scale, it deserves immediate attention. CVE-2025-31324 affects SAP NetWeaver AS Java, a platform many businesses rely on every… The post "Breaking Down CVE-2025-31324: A Clear Threat to SAP Business Operations" appeared first on Strobes Security. First seen on securityboulevard.com. Jump to article: https://securityboulevard.com/2025/04/breaking-down-cve-2025-31324-a-clear-threat-to-sap-business-operations/
-
Commvault warns of critical Command Center flaw
Pre-authentication increases exploitability: Heath Renfrow, CISO and co-founder at FEnix24, told CSO that the vulnerability is both "technically serious" and "operationally significant" for organizations, for a number of reasons. For starters, it enables pre-authentication exploitation, meaning that it can be triggered before any authentication is required, leading to high exploitability without the need for credentials. Additionally, the…
-
Critical Commvault SSRF could allow attackers to execute code remotely
-
Critical Commvault Command Center Flaw Enables Attackers to Execute Code Remotely
A critical security flaw has been disclosed in the Commvault Command Center that could allow arbitrary code execution on affected installations. The vulnerability, tracked as CVE-2025-34028, carries a CVSS score of 9.0 out of a maximum of 10.0. "A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code…
-
Critical Langflow Flaw Enables Malicious Code Injection Technical Breakdown Released
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score of 9.8, has been uncovered in Langflow, an open-source platform widely used for visually designing AI-driven agents and workflows. This flaw, residing in the platform's /api/v1/validate/code endpoint, poses a significant risk to organizations leveraging Langflow in their AI development ecosystems. The…
-
SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely
SonicWall has issued an urgent advisory (SNWLID-2025-0009) warning of a high-severity vulnerability in its SSLVPN Virtual Office interface that enables unauthenticated attackers to remotely crash firewalls, causing widespread network disruptions. Tracked as CVE-2025-32818, this flaw carries a CVSS v3 score of 7.5 and affects dozens of firewall models across its Gen7 and TZ80 product lines. The…
-
PoC Released for Critical Erlang/OTP SSH RCE Vulnerability
Security teams across industries are urgently patching systems following the public release of a proof-of-concept (PoC) exploit for a newly disclosed critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH implementation. The flaw, tracked as CVE-2025-32433 and assigned a maximum CVSS score of 10.0, enables unauthenticated attackers to execute arbitrary code, potentially taking complete control of affected systems.…
-
Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH
Security researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed… First seen on hackread.com. Jump to article: hackread.com/researchers-cvss-severity-rce-vulnerability-erlang-otp-ssh/
-
Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code without any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433, has been given the maximum CVSS score of 10.0. "The vulnerability allows an attacker with network access to an Erlang/OTP SSH…
-
MITRE CVE Program Funding Set To Expire
MITRE's CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged. Background: On April 15, reports circulated that the contract for funding the Common Vulnerabilities and Exposures (CVE) program along…
-
Ransomware Attacks Exploit Windows Vulnerability
Cybercriminals are abusing a security vulnerability in Windows to plant backdoor malware and ransomware. Security researchers at Microsoft have discovered a flaw in the Windows CLFS (Common Log File System) driver that grants attackers SYSTEM privileges. It is tracked as CVE-2025-29824 and, with a CVSS score of 7.8, has a high severity rating. According to a blog post by the researchers, the vulnerability has already been used for…
-
Zoom Workplace Apps Vulnerability Enables Malicious Script Injection Through XSS Flaws
A newly disclosed vulnerability in Zoom Workplace Apps (tracked as CVE-2025-27441 and CVE-2025-27442) allows attackers to inject malicious scripts via cross-site scripting (XSS) flaws, posing risks to millions of users globally. The medium-severity vulnerability, with a CVSS score of 4.6, enables unauthenticated attackers on adjacent networks to compromise meeting integrity by executing arbitrary code. Zoom…
-
Apollo Router Vulnerability Enables Resource Exhaustion via Optimization Bypass
A critical vulnerability (CVE-2025-32032) has been identified in Apollo Router, a widely used GraphQL federation tool, allowing attackers to trigger resource exhaustion and denial-of-service (DoS) conditions. Rated 7.5 (High) on the CVSS v3.1 scale, the flaw impacts users running unpatched versions of the software. Technical Overview: The vulnerability resides in Apollo Router's query planner, which failed to…
-
Bitdefender GravityZone Console PHP Vulnerability Lets Hackers Execute Arbitrary Commands
Cybersecurity firm Bitdefender has patched a severe flaw (CVE-2025-2244) in its GravityZone Console, which could allow unauthenticated attackers to execute arbitrary commands on vulnerable systems. The vulnerability, discovered by researcher Nicolas Verdier (@n1nj4sec), has a near-maximum CVSS v4 score of 9.5, highlighting its critical risk profile. Key details: CVE ID: CVE-2025-2244; CVSS score: 9.5 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H); Affected…
-
Ivanti Fully Patched Connect Secure RCE Vulnerability That Was Actively Exploited in the Wild
April 5, 2025. Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA Gateways. Rated at a CVSS score of 9.0, this stack-based buffer overflow has been actively exploited since mid-March 2025, posing a severe risk to organizations using these […]…