Topic: command injection

  • Urgent WD My Cloud Flaw Enables Remote Hacks

    Western Digital released an urgent firmware update (version 5.31.108) to fix a critical security flaw (CVE-2025-30247) in multiple My Cloud NAS devices, which allows remote command execution via crafted HTTP requests. The update applies to several models, but end-of-support devices like the My Cl...

  • Libraesva ESG Zero-Day Exploited in Active Attacks (CVE-2025-59689)

    A critical zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway is being actively exploited by a suspected state-sponsored actor, allowing arbitrary command execution on affected systems. The flaw is a command injection vulnerability caused by improper input sanitizatio...

  • Fortra Issues Critical Alert for GoAnywhere MFT Vulnerability

    Fortra has issued an urgent alert for a critical vulnerability (CVE-2025-10035) in GoAnywhere MFT software, allowing remote command injection due to unsafe data deserialization. The vulnerability can be exploited without user interaction, particularly affecting internet-exposed Admin Consoles, an...

  • Thousands of Ruckus Networks Devices Vulnerable Due to Unpatched Flaws

    Thousands of Ruckus Networks devices are exposed to critical unpatched vulnerabilities, allowing attackers to take control of enterprise wireless environments. The flaws affect Ruckus Virtual Smart Zone (vSZ) and Ruckus Network Director (RND), enabling risks like hardcoded credentials, authentica...
