Topic: command injection
-
CISA Orders Agencies to Patch Critical Fortinet Flaw in 7 Days
CISA has mandated a 7-day deadline for U.S. government agencies to patch CVE-2025-58034, a critical Fortinet FortiWeb vulnerability being actively exploited in zero-day attacks. The vulnerability is an OS command injection flaw that allows authenticated attackers to execute arbitrary code with ro...
Read More » -
Urgent CISA Alert: Active Attacks Exploit Critical CentOS Bug
A critical security flaw (CVE-2025-48703) in CentOS Web Panel allows unauthenticated attackers to execute arbitrary commands, prompting CISA to issue an urgent patch-or-discontinue directive by November 25. The vulnerability stems from improper handling of the 'changePerm' endpoint and unsanitize...
Read More » -
Urgent WD My Cloud Flaw Enables Remote Hacks
Western Digital released an urgent firmware update (version 5.31.108) to fix a critical security flaw (CVE-2025-30247) in multiple My Cloud NAS devices, which allows remote command execution via crafted HTTP requests. The update applies to several models, but end-of-support devices like the My Cl...
Read More » -
Critical Vulnerability Found in W3 Total Cache WordPress Plugin
A critical security flaw (CVE-2025-9501) in the W3 Total Cache WordPress plugin allows unauthenticated attackers to execute arbitrary PHP commands via specially crafted comments, affecting all versions before 2.8.13. The vulnerability, located in the `_parse_dynamic_mfunc()` function, was fixed i...
Read More » -
Urgent: Critical Web Panel Flaw Actively Exploited (CVE-2025-48703)
A critical security vulnerability (CVE-2025-48703) in Control Web Panel (CWP) is being actively exploited, posing a severe threat to web hosting environments and prompting its addition to CISA's Known Exploited Vulnerabilities catalog. The flaw is an OS command injection that allows unauthenticat...
Read More » -
Libraesva ESG Zero-Day Exploited in Active Attacks (CVE-2025-59689)
A critical zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway is being actively exploited by a suspected state-sponsored actor, allowing arbitrary command execution on affected systems. The flaw is a command injection vulnerability caused by improper input sanitizatio...
Read More » -
Fortra Issues Critical Alert for GoAnywhere MFT Vulnerability
Fortra has issued an urgent alert for a critical vulnerability (CVE-2025-10035) in GoAnywhere MFT software, allowing remote command injection due to unsafe data deserialization. The vulnerability can be exploited without user interaction, particularly affecting internet-exposed Admin Consoles, an...
Read More » -
Hackers Actively Exploit Critical BeyondTrust RCE Flaw
A critical command injection vulnerability (CVE-2026-1731) in BeyondTrust's remote access software is being actively exploited, allowing unauthenticated attackers to run arbitrary commands on unpatched systems. Threat intelligence confirms widespread scanning and exploitation, with attackers abus...
Read More » -
Urgent: Actively Exploited FortiWeb Flaw Patched (CVE-2025-58034)
A critical OS command injection vulnerability (CVE-2025-58034) in FortiWeb firewalls is being actively exploited, allowing attackers to execute arbitrary commands via manipulated HTTP or CLI requests. The vulnerability affects multiple FortiWeb versions, and organizations must upgrade to patched ...
Read More » -
Microsoft Patches 56 Flaws, Including Two Zero-Days Under Active Attack
Microsoft's final 2025 security update patches 56 vulnerabilities, including three critical flaws, with two already being actively exploited. The most urgent fix is for CVE-2025-62221, a privilege escalation flaw in Windows that is under active attack and requires prompt patching. Other significa...
Read More » -
Thousands of Ruckus Networks Devices Vulnerable Due to Unpatched Flaws
Thousands of Ruckus Networks devices are exposed to critical unpatched vulnerabilities, allowing attackers to take control of enterprise wireless environments. The flaws affect Ruckus Virtual Smart Zone (vSZ) and Ruckus Network Director (RND), enabling risks like hardcoded credentials, authentica...
Read More » -
Windows 11 Notepad Bug Executes Files Via Markdown Links
A high-severity vulnerability in Windows 11 Notepad allowed attackers to execute malicious code remotely by tricking users into clicking a malicious link within a Markdown file. The flaw exploited the app's Markdown preview feature, where specially crafted links using non-standard protocols could...
Read More » -
ShadowV2 Botnet Exploited AWS Outage in Malware Test
ShadowV2 is a new botnet based on the Mirai framework that compromises IoT devices from brands like D-Link and TP-Link, exploiting at least eight security vulnerabilities to spread. The botnet targets routers, NAS systems, and DVRs globally across sectors including government and technology, and ...
Read More » -
Fortinet warns of critical FortiCloud SSO auth bypass flaw
Fortinet has patched two critical authentication bypass vulnerabilities (CVE-2025-59718 & CVE-2025-59719) in several products, which could allow attackers to gain unauthorized access via a crafted SAML message. The affected FortiCloud SSO feature is not enabled by default on new devices, but it i...
Read More »