Tag: cvss
-
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0It has been described as a case of improper…
-
Priorisierung von Schwachstellen – Sicherheitslücken nur mit CVSS bewerten reicht nicht!
First seen on security-insider.de Jump to article: www.security-insider.de/bewertung-sicherheitsluecken-mehr-als-cvss-a-a2181acbc6bd56328a612063a1d3e849/
-
Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication
Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices.Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3.”An Authentication Bypass Using…
-
Juniper Issues Warning About Critical Authentication Bypass Vulnerability
Juniper Networks has issued an urgent security bulletin for its Session Smart Router, Session Smart Conductor, and WAN Assurance Router product lines, revealing a critical API authentication bypass vulnerability (CVE-2025-21589) that enables unauthenticated attackers to gain full administrative control over devices. The flaw carries maximum severity ratings of 9.8 under CVSS v3.1 and 9.3 under…
-
Cybersecurity experts defend CVSS amid criticism
First seen on scworld.com Jump to article: www.scworld.com/brief/cybersecurity-experts-defend-cvss-amid-criticism
-
Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure
First seen on scworld.com Jump to article: www.scworld.com/news/ivanti-fixes-4-critical-flaws-including-cvss-9-9-in-connect-secure
-
CISA, FBI call software with buffer overflow issues ‘unforgivable’
Microsoft, VMWare, Ivanti flaws called out: The feds highlighted a list of buffer overflow bugs affecting leading vendors like Microsoft, Ivanti, VMWare, Citrix and RedHat, ranging from high to critical severity, and some already having in-the-wild exploits.The list included two Microsoft flaws that could allow, local attackers in container-based environments to gain system privileges (CVE-2025-21333),…
-
Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software
Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass.The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.”An authentication bypass in the…
-
Hackers Exploit Ivanti Connect Secure Vulnerability to Inject SPAWNCHIMERA malware
Tags: cve, cvss, cyber, cybersecurity, exploit, flaw, hacker, ivanti, malware, remote-code-execution, vulnerability, zero-dayIn a concerning development, cybersecurity experts have identified active exploitation of a critical vulnerability in Ivanti Connect Secure (ICS) appliances, tracked as CVE-2025-0282. This zero-day vulnerability, a stack-based buffer overflow with a CVSS score of 9.0, has been leveraged by attackers to deploy the advanced SPAWNCHIMERA malware. The flaw permits unauthenticated remote code execution, enabling…
-
SonicWall Firewalls Exploit Hijack SSL VPN Sessions to Gain Networks Access
SonicWall firewalls running specific versions of SonicOS are vulnerable to a critical authentication bypass flaw, tracked as CVE-2024-53704, which allows attackers to hijack active SSL VPN sessions. This vulnerability has been classified as high-risk, with a CVSS score of 8.2. It affects SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035, used in various Gen…
-
Hackers breach Microsoft IIS services using Cityworks RCE bug
Hackers are exploiting a high-severity remote code execution (RCE) flaw in Cityworks deployments, a GIS-centric asset and work order management software, to execute codes on a customers’ Microsoft web servers.In a coordinated advisory with the US Cybersecurity and Infrastructure Security Agency (CISA), Cityworks’ developer Trimble said that the vulnerability, tracked as CVE-2025-0994 with CVSS rating…
-
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service…
-
Logsign Vulnerability Allows Remote Attackers to Bypass Authentication
A critical security vulnerability has been identified and disclosed in the Logsign Unified SecOps Platform, allowing remote attackers to bypass authentication mechanisms. The vulnerability tracked asCVE-2025-1044, has been assigned a CVSS score of 9.8, placing it in the >>Critical
-
CommandSchwachstelle Security-Tool mit maximalem CVSS Score von 10.0
First seen on security-insider.de Jump to article: www.security-insider.de/aviatrix-netzwerk-controller-sicherheitsluecke-patch-a-c2378f118cb6e85d1117f6c8d24e3167/
-
Microsoft fixes CVSS 9.9 vulnerability in Azure AI Face service
First seen on scworld.com Jump to article: www.scworld.com/news/microsoft-fixes-cvss-9-9-vulnerability-in-azure-ai-face-service
-
New Veeam Flaw Allows Arbitrary Code Execution via Manthe-Middle Attack
Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems.The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.”A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to…
-
Critical Netgear Vulnerabilities Allow Hackers to Execute Remote Code
Netgear has addressed critical security vulnerabilities in several of its popular router models that could allow hackers to execute remote code without authentication. If not resolved promptly, these vulnerabilities pose a significant risk to affected devices, potentially enabling malicious actors to compromise networks. Critical Security Threat The vulnerability, rated as Critical with a CVSS score of 9.8,…
-
CVSS Score 9.9 – Kritische Schwachstelle in Verwaltung von Cisco Meeting
First seen on security-insider.de Jump to article: www.security-insider.de/-sicherheitsluecke-cisco-meeting-management-a-79d4be5455d07c12bc63a0a670484619/
-
AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
A security vulnerability has been disclosed in AMD’s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.”Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker…
-
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions.The flaws are listed below -CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege VulnerabilityCVE-2025-21415 (CVSS score: 9.9) – Azure AI Face Service First…
-
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances.The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0.”Due to a flaw in the multi-line SNMP result…
-
CISA warns of critical, high-risk flaws in ICS products from four vendors
Tags: access, authentication, automation, cisa, cloud, computing, control, credentials, cve, cvss, cybersecurity, data, exploit, flaw, infrastructure, injection, leak, mitigation, monitoring, open-source, remote-code-execution, risk, service, software, threat, update, vulnerability, windowsThe US Cybersecurity and Infrastructure Security Alliance has issued advisories for 11 critical and high-risk vulnerabilities in industrial control systems (ICS) products from several manufacturers.The issues include OS command injection, unsafe deserialization of data, use of broken cryptographic algorithms, authentication bypass, improper access controls, use of default credentials, sensitive information leaks, and more. The flaws…
-
A pickle in Meta’s LLM code could allow RCE attacks
Tags: ai, attack, breach, cve, cvss, data, data-breach, exploit, flaw, framework, github, LLM, malicious, ml, network, open-source, rce, remote-code-execution, software, supply-chain, technology, theft, vulnerabilityMeta’s large language model (LLM) framework, Llama, suffers a typical open-source coding oversight, potentially allowing arbitrary code execution on servers leading to resource theft, data breaches, and AI model takeover.The flaw, tracked as CVE-2024-50050, is a critical deserialization bug belonging to a class of vulnerabilities arising from the improper use of the open-source library (pyzmq)…
-
SonicWall SMA Appliances Exploited in Zero-Day Attacks
Critical security flaw in SonicWall SMA 1000 appliances (CVE-2025-23006) exploited as a zero-day. Rated CVSS 9.8, patch immediately… First seen on hackread.com Jump to article: hackread.com/sonicwall-sma-appliances-exploited-zero-day-attacks/
-
Critical Vulnerability in Meta Llama Framework Let Remote Attackers Execute Arbitrary Code
The Oligo Research team has disclosed a critical vulnerability in Meta’s widely used Llama-stack framework. This vulnerability, tracked as CVE-2024-50050, allows remote attackers to execute arbitrary code on servers running the Llama-stack framework. Due to its potential impact, the flaw has been rated ascriticalwith a CVSS score of 9.3 (v4.0) and 9.8 (v3.1). The Meta Llama…
-
SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks
Tags: advisory, attack, cve, cvss, cyber, exploit, incident response, security-incident, threat, update, vulnerabilityA critical vulnerability in SonicWall’s SMA1000 series tracked as CVE-2025-23006, has come under active exploitation by threat actors. SonicWall’s PSIRT (Product Security Incident Response Team) has issued an urgent advisory urging users to update their systems immediately to mitigate risks. Details of CVE-2025-23006 The vulnerability, which scores an alarming9.8/10on the CVSS v3 severity scale, stems from…