Tag: cvss
-
Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches
by
in SecurityNewsTaiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees.The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0.”Multiple Moxa PT switches are vulnerable to an authentication bypass…
-
Elastic Issues Urgent Update for Critical Kibana Vulnerability Exposing Remote Code Execution Risk
by
in SecurityNewsElastic has released a critical security update to address a vulnerability in Kibana, a widely used data visualization and analysis tool for Elasticsearch. This Kibana vulnerability, identified as CVE-2025-25012, could allow attackers to execute arbitrary code on affected systems, posing a severe threat to organizations using Kibana. The vulnerability, categorized under the CVSS scoring system…
-
Windows KDC Proxy RCE Vulnerability Allows Remote Server Takeover
by
in SecurityNews
Tags: authentication, control, cvss, cyber, flaw, microsoft, rce, remote-code-execution, vulnerability, windowsA recently patched remote code execution (RCE) vulnerability in Microsoft Windows’ Key Distribution Center (KDC) Proxy implementation allows unauthenticated attackers to take control of vulnerable servers through manipulated Kerberos authentication traffic. Designated CVE-2024-43639 and rated 9.8 CVSS, this critical flaw stems from improper validation of message lengths during ASN.1 encoding operation, enabling memory corruption attacks. The vulnerability…
-
Millions of WordPress Websites Vulnerable to Script Injection Due to Plugin Flaw
by
in SecurityNewsA critical security vulnerability in theEssential Addons for Elementorplugin, installed on over 2 million WordPress websites, has exposed sites to script injection attacks via malicious URL parameters. The flaw, tracked as CVE-2025-24752 and scoring 7.1 (High) on the CVSS scale, allowed attackers to execute reflected cross-site scripting (XSS) attacks by exploiting insufficient input sanitization in the plugin’s password reset…
-
LockBit Ransomware Strikes: Exploiting a Confluence Vulnerability
by
in SecurityNews
Tags: attack, cvss, cyber, data-breach, exploit, lockbit, malicious, ransomware, remote-code-execution, vulnerability, windowsIn a swift and highly coordinated attack, LockBit ransomware operators exploited a critical remote code execution vulnerability (CVE-2023-22527) in Atlassian Confluence servers, targeting an exposed Windows server. This vulnerability, rated CVSS 10.0, enabled unauthenticated attackers to execute arbitrary commands by injecting malicious Object-Graph Navigation Language (OGNL) expressions into improperly sanitized template files. The attack commenced…
-
Critical Vulnerability in Fluent Bit Exposes Cloud Services to Potential Cyber Attacks
by
in SecurityNews
Tags: attack, cloud, computing, cve, cvss, cyber, data-breach, flaw, infrastructure, metric, service, tool, vulnerabilityA critical security flaw in Fluent Bit, a widely adopted log processing and metrics collection tool part of the Cloud Native Computing Foundation (CNCF), has exposed enterprise cloud infrastructures to denial-of-service (DoS) attacks. Designated as CVE-2024-50608 and CVE-2024-50609, these vulnerabilities”, scoring 8.9 on the CVSS v3.1 severity scale”, stem from improper handling of HTTP headers…
-
Windows Disk Cleanup Tool Exploit Allows SYSTEM Privilege Escalation
by
in SecurityNewsMicrosoft has urgently addressed a high-severity privilege escalation vulnerability (CVE-2025-21420) in the Windows Disk Cleanup Utility (cleanmgr.exe) during its February 2025 Patch Tuesday updates. The flaw, scoring 7.8 on the CVSS scale, enabled attackers to execute malicious code with SYSTEM privileges through DLL sideloading techniques. Technical Mechanism of the Exploit The vulnerability leverages cleanmgr.exe’s privileged…
-
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability
by
in SecurityNewsCitrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0It has been described as a case of improper…
-
Priorisierung von Schwachstellen – Sicherheitslücken nur mit CVSS bewerten reicht nicht!
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/bewertung-sicherheitsluecken-mehr-als-cvss-a-a2181acbc6bd56328a612063a1d3e849/
-
Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication
by
in SecurityNewsJuniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices.Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3.”An Authentication Bypass Using…
-
Juniper Issues Warning About Critical Authentication Bypass Vulnerability
by
in SecurityNewsJuniper Networks has issued an urgent security bulletin for its Session Smart Router, Session Smart Conductor, and WAN Assurance Router product lines, revealing a critical API authentication bypass vulnerability (CVE-2025-21589) that enables unauthenticated attackers to gain full administrative control over devices. The flaw carries maximum severity ratings of 9.8 under CVSS v3.1 and 9.3 under…
-
Cybersecurity experts defend CVSS amid criticism
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/cybersecurity-experts-defend-cvss-amid-criticism
-
Ivanti fixes 4 critical flaws, including CVSS 9.9 in Connect Secure
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/ivanti-fixes-4-critical-flaws-including-cvss-9-9-in-connect-secure
-
CISA, FBI call software with buffer overflow issues ‘unforgivable’
by
in SecurityNewsMicrosoft, VMWare, Ivanti flaws called out: The feds highlighted a list of buffer overflow bugs affecting leading vendors like Microsoft, Ivanti, VMWare, Citrix and RedHat, ranging from high to critical severity, and some already having in-the-wild exploits.The list included two Microsoft flaws that could allow, local attackers in container-based environments to gain system privileges (CVE-2025-21333),…
-
Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software
by
in SecurityNewsPalo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass.The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.”An authentication bypass in the…
-
Hackers Exploit Ivanti Connect Secure Vulnerability to Inject SPAWNCHIMERA malware
by
in SecurityNews
Tags: cve, cvss, cyber, cybersecurity, exploit, flaw, hacker, ivanti, malware, remote-code-execution, vulnerability, zero-dayIn a concerning development, cybersecurity experts have identified active exploitation of a critical vulnerability in Ivanti Connect Secure (ICS) appliances, tracked as CVE-2025-0282. This zero-day vulnerability, a stack-based buffer overflow with a CVSS score of 9.0, has been leveraged by attackers to deploy the advanced SPAWNCHIMERA malware. The flaw permits unauthenticated remote code execution, enabling…
-
SonicWall Firewalls Exploit Hijack SSL VPN Sessions to Gain Networks Access
by
in SecurityNewsSonicWall firewalls running specific versions of SonicOS are vulnerable to a critical authentication bypass flaw, tracked as CVE-2024-53704, which allows attackers to hijack active SSL VPN sessions. This vulnerability has been classified as high-risk, with a CVSS score of 8.2. It affects SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035, used in various Gen…
-
Hackers breach Microsoft IIS services using Cityworks RCE bug
by
in SecurityNewsHackers are exploiting a high-severity remote code execution (RCE) flaw in Cityworks deployments, a GIS-centric asset and work order management software, to execute codes on a customers’ Microsoft web servers.In a coordinated advisory with the US Cybersecurity and Infrastructure Security Agency (CISA), Cityworks’ developer Trimble said that the vulnerability, tracked as CVE-2025-0994 with CVSS rating…
-
Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
by
in SecurityNewsZimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions.The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service…
-
Logsign Vulnerability Allows Remote Attackers to Bypass Authentication
by
in SecurityNewsA critical security vulnerability has been identified and disclosed in the Logsign Unified SecOps Platform, allowing remote attackers to bypass authentication mechanisms. The vulnerability tracked asCVE-2025-1044, has been assigned a CVSS score of 9.8, placing it in the >>Critical
-
CommandSchwachstelle Security-Tool mit maximalem CVSS Score von 10.0
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/aviatrix-netzwerk-controller-sicherheitsluecke-patch-a-c2378f118cb6e85d1117f6c8d24e3167/
-
Microsoft fixes CVSS 9.9 vulnerability in Azure AI Face service
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/microsoft-fixes-cvss-9-9-vulnerability-in-azure-ai-face-service
-
New Veeam Flaw Allows Arbitrary Code Execution via Manthe-Middle Attack
by
in SecurityNewsVeeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems.The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.”A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to…
-
Critical Netgear Vulnerabilities Allow Hackers to Execute Remote Code
by
in SecurityNewsNetgear has addressed critical security vulnerabilities in several of its popular router models that could allow hackers to execute remote code without authentication. If not resolved promptly, these vulnerabilities pose a significant risk to affected devices, potentially enabling malicious actors to compromise networks. Critical Security Threat The vulnerability, rated as Critical with a CVSS score of 9.8,…