Tag: flaw
-
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user.The vulnerability, tracked as CVE-2025-12420, carries a CVSS score of 9.3 out of 10.0″This issue […] could enable an unauthenticated user to impersonate another…
-
Multiple Hikvision Flaws Allow Device Disruption via Crafted Network Packets
Hikvision has disclosed two high buffer overflow vulnerabilities affecting its security devices that could allow network-based attackers to cause device malfunctions. The security flaws, tracked as CVE-2025-66176 and CVE-2025-66177, impact select access control products and video recording systems. Both vulnerabilities stem from stack overflow issues in the device search and discovery feature. CVE ID Affected…
-
CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities (KEV) catalog.The vulnerability, tracked as CVE-2025-8110 (CVSS score: 8.7), relates to a case of path traversal in the repository file editor that could result in code execution.”Gogs…
-
New Angular Vulnerability Allows Attackers to Execute Malicious Payloads
A high Cross-Site Scripting (XSS) vulnerability has been discovered in Angular’s Template Compiler, potentially exposing millions of web applications to malicious JavaScript execution. The flaw, tracked as CVE-2026-22610, affects multiple versions of Angular’s core packages and carries a High severity rating with a CVSS score of 7.3/10. Attribute Details CVE ID CVE-2026-22610 Severity High (CVSS 4.0: 7.3/10) Vulnerability…
-
CISA Alerts on Actively Exploited Gogs Path Traversal Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Gogs, a self-hosted Git service, to its Known Exploited Vulnerabilities catalog, warning that the flaw is being actively exploited in the wild. Critical Vulnerability Details Tracked as CVE-2025-8110, the vulnerability is a path-traversal flaw in Gogs’ improper symbolic link handling in the PutContents…
-
U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, open-source, service, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Gogs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)addeda Gogspath traversal vulnerability, tracked as CVE-2025-8110 (CVSS Score of 8.7), to itsKnown Exploited Vulnerabilities (KEV) catalog. Gogs (Go Git Service) is a lightweight, open-source, self-hosted Git service written…
-
CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
Tags: attack, cisa, exploit, flaw, government, rce, remote-code-execution, update, vulnerability, zero-dayCISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-gogs-rce-flaw-exploited-in-zero-day-attacks/
-
Meta fixes Instagram password reset flaw, denies data breach
Meta fixed an Instagram password reset flaw that let third parties send reset emails, while denying a data breach despite leak claims. Meta confirmed fixing an Instagram password reset vulnerability that allowed third parties to trigger reset emails, while denying any breach despite claims of leaked user data. >>We fixed an issue that let an…
-
PoC Released for Atarim Plugin Auth Bypass Vulnerability
A security researcher has published proof-of-concept code for a critical authentication bypass vulnerability in the Atarim WordPress plugin that could allow attackers to steal sensitive user data and system configuration details. The flaw, tracked as CVE-2025-60188, affects versions of the plugin that use insecure HMAC-based authentication. Field Details CVE ID CVE-2025-60188 GHSA ID GHSA-648j-fchv-3hrv Vulnerability…
-
Instagram Confirms No System Breach After External Password Reset Problem
Instagram has dismissed security breach concerns, clarifying that recent unexpected password reset emails were caused by an external party exploiting a now-patched vulnerability rather than a complete system compromise. The social media giant confirmed that a flaw in its systems allowed unknown threat actors to request password reset emails on behalf of users without actually…
-
Max severity Ni8mare flaw impacts nearly 60,000 n8n instances
Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed “Ni8mare.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-impacts-nearly-60-000-n8n-instances/
-
âš¡ Weekly Recap: AI Automation Exploits, Telecom Espionage, Prompt Poaching & More
This week made one thing clear: small oversights can spiral fast. Tools meant to save time and reduce friction turned into easy entry points once basic safeguards were ignored. Attackers didn’t need novel tricks. They used what was already exposed and moved in without resistance.Scale amplified the damage. A single weak configuration rippled out to…
-
Critical Apache Struts 2 Flaw Could Let Attackers Steal Sensitive Data
A newly disclosed vulnerability in Apache Struts 2’s XWork component could expose sensitive data and open the door to denial”‘of”‘service and server”‘side request forgery (SSRF) attacks if left unpatched. The flaw, tracked as CVE-2025-68493, is rated Important and affects a wide range of Struts 2 versions, putting many Java web applications at risk. Field Details CVE ID CVE-2025-68493…
-
Critical React Router Flaws Could Let Attackers Access or Modify Server Files
A critical vulnerability has been discovered in React Router and Remix that could allow attackers to access or modify sensitive files on web servers. The flaw affects multiple packages and has received a severity rating of Critical with a CVSS score of 8.8/10. Field Details CVE ID CVE-2025-61686 Severity Critical CVSS Score 8.8/10 Vulnerability Overview The security issue stems from…
-
Critical InputPlumber Flaw Enables UI Input Injection and DenialService
Security researchers have discovered critical vulnerabilities in InputPlumber, a Linux input device utility used in SteamOS, that could allow attackers to inject keystrokes, leak sensitive information, and cause denial-of-service conditions. The flaws, tracked as CVE-2025-66005 and CVE-2025-14338, affect InputPlumber versions before v0.69.0 and stem from inadequate D-Bus authorization checks. CVE ID Description Affected Versions Impact…
-
Critical zlib Flaw Let Attackers Can Trigger a Buffer Overflow via untgz
A severe buffer overflow vulnerability has been discovered in the zlib untgz utility, affecting version 1.3.1.2, allowing attackers to trigger memory corruption via maliciously crafted command-line arguments. The vulnerability resides in the TGZfname() function, where an unbounded strcpy() call copies user-supplied archive names directly into a fixed-size global buffer of 1024 bytes without any length…
-
CISA Urges Emergency Patching for Actively Exploited HPE OneView Flaw
CISA adds a critical HPE OneView flaw (CVE-2025-37164) to its KEV catalogue with a Jan 28 deadline. Learn how this 10.0 RCE bug puts server infrastructure at risk. First seen on hackread.com Jump to article: hackread.com/cisa-emergency-patching-exploit-hpe-oneview-flaw/
-
News brief: Browser security flaws pose growing risk
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366636759/News-brief-Browser-security-flaws-pose-growing-risk
-
Trend Micro fixed a remote code execution in Apex Central
Trend Micro fixed three Apex Central flaws discovered by Tenable that could allow remote code execution or denial-of-service attacks. Trend Micro patched three flaws (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console after Tenable disclosed details and PoC code. The researchers discovered the vulnerabilities in August 2025, which could enable remote code execution or denial-of-service attacks.…
-
Trend Micro Apex Central Flaws Enable Remote Code Execution
Trend Micro patched three Apex Central flaws that could allow unauthenticated remote code execution or service disruption. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/trend-micro-apex-central-flaws-enable-remote-code-execution/
-
OWASP CRS Vulnerability Enables Charset Validation Bypass
A newly disclosed vulnerability in theOWASP Core RuleSet (CRS)allows attackers to bypass charset validation in web application firewalls (WAFs), enabling dangerous payloads to reach backend applications. Tracked asCVE-2026-21876, the flaw affects CRS rule922110and can expose applications tocross-site scripting (XSS)and other encoding-based attacks. Administrators are strongly advised to upgradeimmediatelyand review historical logs for suspicious multipart requests…
-
Trend Micro Apex Central Flaw Enable Remote Code Execution Attacks
Trend Micro has issued a critical security update for Apex Central to address multiple remotely exploitable vulnerabilities, including a bug that allows unauthenticated attackers to execute code with SYSTEM-level privileges. Organizations running vulnerable builds are urged to patchimmediatelyto avoid both remote code execution anddenial-of-servicerisks.”‹ Critical flaws in Apex Central The update targets Apex Central for Windows and…
-
Telecom sector sees steady rise in ransomware attacks
A new threat intelligence report described a potent mixture of unpatched flaws and lax perimeter controls. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/telecom-ransomware-spike-cyble/809224/
-
OWASP CRS Flaw Lets Encoded Attacks Slip Past WAFs
A critical OWASP CRS flaw allows encoded XSS attacks to bypass WAF charset validation. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/owasp-crs-flaw-lets-encoded-attacks-slip-past-wafs/
-
Botnets, Breaches, and Critical Flaws Define This Week in Cybersecurity
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/botnets-breaches-and-critical-flaws-define-this-week-in-cybersecurity/
-
CISA flags max-severity bug in HPE OneView amid active exploitation
Tags: api, authentication, cisa, endpoint, exploit, flaw, Hardware, intelligence, kev, monitoring, software, strategy, threat, update, vulnerabilityNot an ‘apply and move on’ solution: While CISA’s KEV inclusion raised the priority immediately, enterprises can’t treat OneView like a routine endpoint patch. Management-plane software is often deployed on-premises, sometimes on physical servers, and tightly coupled with production workflows. A rushed fix that breaks monitoring, authentication, or integrations can be almost as dangerous as…
-
Breach Roundup: Firewalls Headed for Obsolescence
Also, Sedgwick Confirms Breach, Romanian Power Firm Hit, D-Link Flaws Exploited. This week, Moody’s said firewalls will be obsolete, Romanian critical infrastructure hacked, Sedgwick breach and a D-Link DSL flaw. Finland seized the Fitburg. Microsoft said Direct Send not to blame for Exchange phishing. Malicious Chrome extensions, European hotels targeted and health breaches. First seen…
-
Trend Micro warns of critical Apex Central RCE vulnerability
Japanese cybersecurity software firm Trend Micro has patched a critical security flaw in Apex Central (on-premise) that could allow attackers to execute arbitrary code with SYSTEM privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trend-micro-fixes-critical-rce-flaw-in-apex-central-console/
-
Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions
Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution.The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of…