Tag: cvss
-
Logsign Vulnerability Allows Remote Attackers to Bypass Authentication
in SecurityNews
A critical security vulnerability has been identified and disclosed in the Logsign Unified SecOps Platform, allowing remote attackers to bypass authentication mechanisms. The vulnerability, tracked as CVE-2025-1044, has been assigned a CVSS score of 9.8, placing it in the Critical…
-
Command Vulnerability in Security Tool with Maximum CVSS Score of 10.0
in SecurityNews
First seen on security-insider.de. Jump to article: www.security-insider.de/aviatrix-netzwerk-controller-sicherheitsluecke-patch-a-c2378f118cb6e85d1117f6c8d24e3167/
-
Microsoft fixes CVSS 9.9 vulnerability in Azure AI Face service
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/news/microsoft-fixes-cvss-9-9-vulnerability-in-azure-ai-face-service
-
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
in SecurityNews
Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0. “A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to…
-
Critical Netgear Vulnerabilities Allow Hackers to Execute Remote Code
in SecurityNews
Netgear has addressed critical security vulnerabilities in several of its popular router models that could allow hackers to execute remote code without authentication. If not resolved promptly, these vulnerabilities pose a significant risk to affected devices, potentially enabling malicious actors to compromise networks.
Critical Security Threat
The vulnerability, rated as Critical with a CVSS score of 9.8,…
-
CVSS Score 9.9 – Critical Vulnerability in Cisco Meeting Management
in SecurityNews
First seen on security-insider.de. Jump to article: www.security-insider.de/-sicherheitsluecke-cisco-meeting-management-a-79d4be5455d07c12bc63a0a670484619/
-
AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
in SecurityNews
A security vulnerability has been disclosed in AMD’s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. “Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker…
-
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
in SecurityNews
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below:
- CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability
- CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face Service First…
-
Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
in SecurityNews
A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution on susceptible instances. The flaw, tracked as CVE-2025-22604, carries a CVSS score of 9.1 out of a maximum of 10.0. “Due to a flaw in the multi-line SNMP result…
-
CISA warns of critical, high-risk flaws in ICS products from four vendors
in SecurityNews
Tags: access, authentication, automation, cisa, cloud, computing, control, credentials, cve, cvss, cybersecurity, data, exploit, flaw, infrastructure, injection, leak, mitigation, monitoring, open-source, remote-code-execution, risk, service, software, threat, update, vulnerability, windows
The US Cybersecurity and Infrastructure Security Alliance has issued advisories for 11 critical and high-risk vulnerabilities in industrial control systems (ICS) products from several manufacturers. The issues include OS command injection, unsafe deserialization of data, use of broken cryptographic algorithms, authentication bypass, improper access controls, use of default credentials, sensitive information leaks, and more. The flaws…
-
A pickle in Meta’s LLM code could allow RCE attacks
in SecurityNews
Tags: ai, attack, breach, cve, cvss, data, data-breach, exploit, flaw, framework, github, LLM, malicious, ml, network, open-source, rce, remote-code-execution, software, supply-chain, technology, theft, vulnerability
Meta’s large language model (LLM) framework, Llama, suffers a typical open-source coding oversight, potentially allowing arbitrary code execution on servers leading to resource theft, data breaches, and AI model takeover. The flaw, tracked as CVE-2024-50050, is a critical deserialization bug belonging to a class of vulnerabilities arising from the improper use of the open-source library (pyzmq)…
-
SonicWall SMA Appliances Exploited in Zero-Day Attacks
Critical security flaw in SonicWall SMA 1000 appliances (CVE-2025-23006) exploited as a zero-day. Rated CVSS 9.8, patch immediately…
First seen on hackread.com. Jump to article: hackread.com/sonicwall-sma-appliances-exploited-zero-day-attacks/
-
Critical Vulnerability in Meta Llama Framework Let Remote Attackers Execute Arbitrary Code
in SecurityNews
The Oligo Research team has disclosed a critical vulnerability in Meta’s widely used Llama-stack framework. This vulnerability, tracked as CVE-2024-50050, allows remote attackers to execute arbitrary code on servers running the Llama-stack framework. Due to its potential impact, the flaw has been rated as critical with a CVSS score of 9.3 (v4.0) and 9.8 (v3.1). The Meta Llama…
-
SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks
in SecurityNews
Tags: advisory, attack, cve, cvss, cyber, exploit, incident response, security-incident, threat, update, vulnerability
A critical vulnerability in SonicWall’s SMA1000 series, tracked as CVE-2025-23006, has come under active exploitation by threat actors. SonicWall’s PSIRT (Product Security Incident Response Team) has issued an urgent advisory urging users to update their systems immediately to mitigate risks.
Details of CVE-2025-23006
The vulnerability, which scores an alarming 9.8/10 on the CVSS v3 severity scale, stems from…
-
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
in SecurityNews
SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. “Pre-authentication deserialization of untrusted data vulnerability has…
-
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
in SecurityNews
Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out of 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco…
-
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
in SecurityNews
Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible…
-
ChatGPT API flaws could allow DDoS, prompt injection attacks
in SecurityNews
OpenAI-owned ChatGPT might have a vulnerability that could allow threat actors to launch distributed denial of service (DDoS) attacks on unsuspecting targets. According to a discovery made by German security researcher Benjamin Flesch, the ChatGPT crawler, which OpenAI uses to collect data from the internet to improve ChatGPT, can be tricked into DDoSing arbitrary websites. “ChatGPT crawler…
-
ChatGPT Crawler Vulnerability Abused to Trigger Reflexive DDoS Attacks
in SecurityNews
Security researchers have uncovered a severe vulnerability in OpenAI’s ChatGPT API, allowing attackers to exploit its architecture for launching Reflective Distributed Denial of Service (DDoS) attacks. This loophole, characterized by a high severity CVSS score of 8.6, raises significant concerns regarding the scalability and security of AI services deployed on cloud platforms, specifically Microsoft’s Azure…
-
PoC Exploit Released for QNAP RCE Vulnerability
in SecurityNews
A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-53691, has recently come to light, affecting users of QNAP’s QTS and QuTS Hero operating systems. This vulnerability enables remote attackers with user access privileges to traverse the file system and run arbitrary code on affected systems. With a CVSS score of 8.7, the severity of…
-
Fortinet confirms zero-day flaw used in attacks against its firewalls
in SecurityNews
Fortinet has confirmed the existence of a critical authentication bypass vulnerability in specific versions of FortiOS firewalls and FortiProxy secure web gateways. The flaw has been exploited in the wild since early December in what appears to be an indiscriminate and widespread campaign, according to cybersecurity firm Arctic Wolf. The fix for this zero-day is part…
-
Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw
in SecurityNews
The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.
First seen on darkreading.com. Jump to article: www.darkreading.com/cloud-security/cloud-attackers-exploit-max-critical-aviatrix-rce-flaw
-
SonicWall firewall hit with critical authentication bypass vulnerability
in SecurityNews
SonicWall is warning customers of a severe vulnerability in its SonicOS SSLVPN with high exploitability that remote attackers could use to bypass authentication. The bug is an improper authentication vulnerability in the SSL VPN authentication mechanism, according to emails sent to customers and published on SonicWall’s official subreddit. “We have identified a high (severity) firewall vulnerability that…
-
Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day
in SecurityNews
Tags: advisory, apt, attack, authentication, cve, cvss, cybersecurity, data-breach, exploit, flaw, google, government, group, intelligence, Internet, ivanti, law, mandiant, microsoft, network, rce, remote-code-execution, risk, software, threat, tool, vpn, vulnerability, zero-day
IT software provider Ivanti released patches Wednesday for its Connect Secure SSL VPN appliances to address two memory corruption vulnerabilities, one of which has already been exploited in the wild as a zero-day to compromise devices. The exploited vulnerability, tracked as CVE-2025-0282, is a stack-based buffer overflow rated as critical with a CVSS score of 9.0…
-
Open source vulnerability scanner found with a serious vulnerability in its own code
in SecurityNews
A widely popular open-source tool, Nuclei, used for scanning vulnerabilities and weaknesses in websites, cloud applications, and networks, is found to have a high-severity flaw that could potentially allow attackers to execute malicious code on local systems. The flaw, tracked as CVE-2024-43405, is assigned a CVSS score of 7.4 out of 10 and is said to…
-
Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
in SecurityNews
A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. “The…
-
The Persistent Risk of Remote Code Execution
in SecurityNews
In 2023, almost 29,000 vulnerabilities were published, 3,800 more than in 2022. Even more worrying than the sheer number of vulnerabilities in 2023 is that more than half of them were assigned a CVSS score indicating high or critical severity, an increase of 57% compared to …