Critical Vulnerability

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

CVE News

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

Security researcher Alessandro Sgreccia (aka “rainpwn”) has disclosed critical vulnerabilities in Zyxel’s USG FLEX-H firewall series, enabling...

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

CVE News

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

Organizations using Commvault’s backup and recovery software are under immediate threat due to an actively exploited pre-authenticated...

Critical SQL Injection Vulnerability in MuM MapEdit 24.2.3 (CVE-2025-43949)

CVE News

Critical SQL Injection Vulnerability in MuM MapEdit 24.2.3 (CVE-2025-43949)

A critical SQL injection vulnerability (CVE-2025-43949) has been identified in MuM MapEdit version 24.2.3, posing significant risk...

Supply Chain Attack Compromises xrpl.js Library to Steal XRP Wallet Keys

APT-News

Supply Chain Attack Compromises xrpl.js Library to Steal XRP Wallet Keys

The widely used xrpl.js library, a critical component for interacting with the XRP Ledger, was compromised in...

Critical Remote Code Execution Vulnerability in Dell EMC iDRAC7/iDRAC8 (CVE-2018-1207)

CVE News

Critical Remote Code Execution Vulnerability in Dell EMC iDRAC7/iDRAC8 (CVE-2018-1207)

A critical remote code execution vulnerability has been identified in Dell EMC’s Integrated Dell Remote Access Controller...

Critical RCE Vulnerability in ASUS ASMB8 iKVM Firmware (CVE-2023-26602)

CVE News

Critical RCE Vulnerability in ASUS ASMB8 iKVM Firmware (CVE-2023-26602)

A critical Remote Code Execution (RCE) vulnerability has been identified in ASUS ASMB8 iKVM firmware versions ≤1.14.51,...

NagVis 1.9.33 Arbitrary File Read Vulnerability (CVE-2022-46945): Analysis and Mitigation

CVE News

NagVis 1.9.33 Arbitrary File Read Vulnerability (CVE-2022-46945): Analysis and Mitigation

A critical vulnerability in NagVis 1.9.33, tracked as CVE-2022-46945, allows unauthenticated attackers to read arbitrary files via...

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

CVE News

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

A critical unauthenticated Cross-Site Scripting (XSS) vulnerability has been identified in ABB Cylon Aspect firmware version 4.00.00,...

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

CVE News

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

A critical unauthenticated SQL injection vulnerability (CVE-2024-11728) has been identified in KiviCare Clinic & Patient Management System...

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

CVE News

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

A critical supply chain attack has compromised Ripple’s official xrpl.js NPM package, injecting malicious code designed to...

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

Data Breach

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

In February 2024, Baltimore City Public Schools suffered a significant ransomware attack compromising over 25,000 records of...

Active! Mail Zero-Day RCE Exploited in Attacks Against Japanese Organizations

CVE News

Active! Mail Zero-Day RCE Exploited in Attacks Against Japanese Organizations

A critical zero-day remote code execution (RCE) vulnerability in Active! Mail, a widely used Japanese webmail client,...

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

Red-Team

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

A newly documented proof-of-concept attack named “Cookie-Bite” demonstrates how malicious Chrome extensions can hijack browser session cookies...

Critical RCE Vulnerability in Commvault Command Center (CVE-2025-34028)

CVE News

Critical RCE Vulnerability in Commvault Command Center (CVE-2025-34028)

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-34028, has been disclosed in Commvault Command Center...

Technical Analysis: Google’s DKIM Replay Phishing Scams and Mitigation Strategies

Blue-Team

Technical Analysis: Google’s DKIM Replay Phishing Scams and Mitigation Strategies

A new wave of highly convincing phishing emails impersonating Google has emerged, exploiting DKIM replay attacks and...

Critical IBM Hardware Management Console Vulnerability Allows Local Command Execution (CVE-2025-1950)

CVE News

Critical IBM Hardware Management Console Vulnerability Allows Local Command Execution (CVE-2025-1950)

A newly disclosed critical vulnerability in IBM’s Hardware Management Console (HMC) for Power Systems could allow local...

Critical Symantec pcAnywhere Remote Code Execution Vulnerability (CVE-2011-3478)

CVE News

Critical Symantec pcAnywhere Remote Code Execution Vulnerability (CVE-2011-3478)

A critical buffer overflow vulnerability in Symantec pcAnywhere, identified as CVE-2011-3478, allows unauthenticated attackers to execute arbitrary...

Greenshift WordPress Plugin Vulnerability (CVE-2025-3616): Arbitrary File Upload Analysis

CVE News

Greenshift WordPress Plugin Vulnerability (CVE-2025-3616): Arbitrary File Upload Analysis

A critical vulnerability in the Greenshift WordPress plugin (CVE-2025-3616) allows authenticated attackers to upload arbitrary files, potentially...

Critical RCE Vulnerability in Yi IoT XY-3820 (CVE-2025-29659): Technical Analysis and Mitigation

CVE News

Critical RCE Vulnerability in Yi IoT XY-3820 (CVE-2025-29659): Technical Analysis and Mitigation

A critical remote code execution (RCE) vulnerability, designated as CVE-2025-29659, has been identified in the Yi IoT...

Critical RCE Vulnerability in Yi IoT XY-3820 (CVE-2025-29660): Analysis and Mitigation

CVE News

Critical RCE Vulnerability in Yi IoT XY-3820 (CVE-2025-29660): Analysis and Mitigation

A critical remote code execution (RCE) vulnerability (CVE-2025-29660) has been identified in the Yi IoT XY-3820 firmware...

Posts pagination

Previous 1 2 3 4 5 6 Next

Critical Vulnerability

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

Critical SQL Injection Vulnerability in MuM MapEdit 24.2.3 (CVE-2025-43949)

Supply Chain Attack Compromises xrpl.js Library to Steal XRP Wallet Keys

Critical Remote Code Execution Vulnerability in Dell EMC iDRAC7/iDRAC8 (CVE-2018-1207)

Critical RCE Vulnerability in ASUS ASMB8 iKVM Firmware (CVE-2023-26602)

NagVis 1.9.33 Arbitrary File Read Vulnerability (CVE-2022-46945): Analysis and Mitigation

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

Active! Mail Zero-Day RCE Exploited in Attacks Against Japanese Organizations

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

Critical RCE Vulnerability in Commvault Command Center (CVE-2025-34028)

Critical IBM Hardware Management Console Vulnerability Allows Local Command Execution (CVE-2025-1950)

Critical Symantec pcAnywhere Remote Code Execution Vulnerability (CVE-2011-3478)

Greenshift WordPress Plugin Vulnerability (CVE-2025-3616): Arbitrary File Upload Analysis

Critical RCE Vulnerability in Yi IoT XY-3820 (CVE-2025-29659): Technical Analysis and Mitigation

Critical RCE Vulnerability in Yi IoT XY-3820 (CVE-2025-29660): Analysis and Mitigation

You may have missed

Russia’s Throttling of Cloudflare: Technical Impact and Security Implications

Livestreamed Child Exploitation: Technical and Legal Implications of a Disturbing Case

UNFI Cyberattack: Supply Chain Disruption and Recovery Analysis

Hawaiian Airlines Cyberattack: IT Systems Compromised, Flight Operations Unaffected