Tag: flaw
-
SolarWinds addressed four critical Web Help Desk flaws
SolarWinds patched six Web Help Desk vulnerabilities, including four critical flaws exploitable without authentication for RCE or auth bypass. SolarWinds released security updates to address six Web Help Desk vulnerabilities, including four critical bugs that allow unauthenticated remote code execution or authentication bypass. The three critical flaws found by watchTowr, and specifically by researcher Piotr…
-
CISA, security researchers warn FortiCloud SSO flaw is under attack
The exploitation activity comes weeks after a similar authentication bypass vulnerability was found. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-researchers-warn-forticloud-flaw-attack/810861/
-
Cal.com Access Control Flaws Expose Millions of Bookings
Researchers found access control flaws in Cal.com that could enable account takeover and expose sensitive booking data across organizations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cal-com-access-control-flaws-expose-millions-of-bookings/
-
Nation-state and criminal actors leverage WinRAR flaw in attacks
Multiple threat actors exploited a now-patched critical WinRAR flaw to gain initial access and deliver various malicious payloads. Google Threat Intelligence Group (GTIG) revealed that multiple threat actors, including APTs and financially motivated groups, are exploiting the CVE-2025-8088 flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. The WinRAR…
-
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
OpenSSL released security updates that address 12 flaws, including a high-severity remote code execution vulnerability. OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a high-severity remote code execution flaw. Cybersecurity firm Aisle discovered the twelve vulnerabilities. The addressed issues are mainly tied to memory safety, parsing robustness, and resource handling.…
-
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE).The list of vulnerabilities is as follows -CVE-2025-40536 (CVSS score: 8.1) – A security control bypass vulnerability that could allow an unauthenticated First seen on thehackernews.com…
-
SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams
Tags: access, attack, authentication, awareness, breach, cisco, control, credentials, cve, cybersecurity, data, exploit, flaw, fortinet, infrastructure, malicious, programming, radius, rce, remote-code-execution, software, threat, update, vulnerabilityRemote code execution and data deserialization vulnerabilities CVE-2025-40551 (critical) and CVE-2025-40553 (critical);Authentication and bypass security flaws CVE-2025-40552 (critical), CVE-2025-40554 (critical), CVE-2025-40536 (high), and CVE-2025-40537 (high).CVE-2025-40551 and CVE-2025-40553 make WHD susceptible to untrusted data deseralization that could allow attackers to run commands on the host machine. The flaw could be exploited without authentication.The other two critical…
-
OpenSSL Vulnerabilities Cause Risk of Remote Code Execution
OpenSSL patched 12 flaws found by AISLE, including a high-severity bug that could enable remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/openssl-vulnerabilities-cause-risk-of-remote-code-execution/
-
Fortinet Confirms CVE-2026-24858 SSO Flaw Under Active Attack
Fortinet says attackers are actively exploiting CVE-2026-24858 to gain administrative access via FortiCloud SSO. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fortinet-confirms-cve-2026-24858-sso-flaw-under-active-attack/
-
New sandbox escape flaw exposes n8n instances to RCE attacks
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-sandbox-escape-flaw-exposes-n8n-instances-to-rce-attacks/
-
Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)
Fortinet released fixes for a critical FortiOS SSO auth bypass (CVE-2026-24858) actively exploited, impacting FortiOS, FortiManager, and FortiAnalyzer. Fortinet started rolling out patches for a critical FortiOS flaw under active attack. The bug, CVE-2026-24858 (CVSS score of 9.4), lets attackers bypass authentication via SSO. It affects FortiOS, FortiManager, and FortiAnalyzer, while Fortinet checks if other…
-
CVE-2025-56005: Python PLY Flaw Enables Remote Code Execution
CVE-2025-56005 allows remote code execution in Python PLY via unsafe pickle deserialization during startup. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cve-2025-56005-python-ply-flaw-enables-remote-code-execution/
-
Autonomous System Uncovers Long-Standing OpenSSL Flaws
A recent update has fixed 12 vulnerabilities in OpenSSL, some existing in the codebase for years First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/12-openssl-flaws/
-
Critical and High Severity n8n Sandbox Flaws Allow RCE
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/n8n-sandbox-flaws-allow-rce/
-
React Server Components Flaws Enable DoS Attacks
High-severity flaws in React Server Components enable unauthenticated denial-of-service attacks that can disrupt application availability. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/react-server-components-flaws-enable-dos-attacks/
-
Hackers Still Using Patched WinRAR Flaw for Malware Drops, Warns Google
The Google Threat Intelligence Group (GTIG) warns that nation-state actors and financially motivated threat actors are exploiting a… First seen on hackread.com Jump to article: hackread.com/hackers-patch-winrar-flaw-malware-google/
-
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/
-
TP-Link Archer Router Flaw Exposes Users to Remote Attacks and Full Device Control
A high command injection vulnerability has been discovered in TP-Link’s Archer MR600 v5 router, enabling authenticated attackers to execute arbitrary system commands through the device’s admin interface. The flaw, tracked as CVE-2025-14756, represents a significant security risk for enterprise and home users relying on this widely deployed network equipment. Vulnerability Details Security researchers identified the…
-
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating system.The vulnerability, tracked as CVE-2026-22709, carries a CVSS score of 9.8 out of 10.0 on the CVSS scoring system.”In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch First…
-
Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution.The weaknesses, discovered by the JFrog Security Research team, are listed below -CVE-2026-1470 (CVSS score: 9.9) – An eval injection vulnerability that could allow an authenticated user to bypass the Expression…
-
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads.”Discovered and patched in July 2025, government-backed threat actors linked to Russia and China as well as financially motivated First…
-
PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun
Koi researchers found “PackageGate” flaws in NPM, PNPM, VLT, and Bun that let attackers perform supply chain attacks and run malicious code. Security firm Koi uncovered a set of vulnerabilities collectively tracked as “PackageGate” affecting major JavaScript package managers like NPM, PNPM, VLT, and Bun. These flaws could let attackers bypass supply chain protections and…
-
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it’s…
-
Fixes released for a serious Microsoft Office zero-day flaw
This article originally appeared on Computerworld. First seen on csoonline.com Jump to article: www.csoonline.com/article/4123146/fixes-released-for-a-serious-microsoft-office-zero-day-flaw-2.html
-
Microsoft Issues Emergency Patch for Active Office Zero-Day
Microsoft released an emergency Office patch to fix an actively exploited zero-day flaw that lets attackers bypass security via malicious files. The post Microsoft Issues Emergency Patch for Active Office Zero-Day appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-office-zero-day-emergency-patch-january-2026/
-
Critical Telnet Server Flaw Exposes Forgotten Attack Surface
While telnet is considered obsolete, the network protocol is still used by hundreds of thousands of legacy systems and IoT devices for remote access. First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/critical-telnet-server-flaw-forgotten-attack-surface
-
Telnet Flaw: 800,000 Servers at Risk Amid Active Attacks
Telnet Flaw Allows Unauthenticated Users to Gain Root Access. Hackers are on the hunt for open telnet ports in servers after discovering that a version of legacy client-server application protocol is vulnerable to an authentication bypass vulnerability. More than 800,000 servers could be actively targeted in the wild. First seen on govinfosecurity.com Jump to article:…
-
WinRAR path traversal flaw still exploited by numerous hackers
Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/winrar-path-traversal-flaw-still-exploited-by-numerous-hackers/
-
News brief: Security flaws put thousands of systems at risk
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366637386/News-brief-Security-flaws-put-thousands-of-systems-at-risk