Topic: cvss score
-
Microsoft Silent as Hackers Exploit WSUS Server Bug
A critical Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287) is being actively exploited, allowing attackers to execute arbitrary code and take full control of affected systems. Microsoft issued an emergency patch after an initial fix failed, but security researchers have alrea...
Read More » -
SolarWinds Help Desk Flaw Under Active Attack
A critical vulnerability (CVE-2025-40551) in SolarWinds Web Help Desk is under active attack, allowing unauthenticated attackers to execute remote code and gain administrative control, prompting urgent patching orders from US authorities. The flaw is one of four critical vulnerabilities, all with...
Read More » -
Critical FortiSIEM Flaw Patched: Remote Code Execution Risk
A critical, unauthenticated OS command injection vulnerability (CVE-2025-64155) in Fortinet's FortiSIEM platform allows remote attackers to execute arbitrary code and take full control of systems. The flaw, found in the phMonitor service, involves a two-stage attack: unauthenticated argument inje...
Read More » -
Critical "Ni8mare" Bug Allows Hackers to Take Over n8n Servers
A critical, maximum-severity vulnerability (CVSS 10.0) in n8n allows unauthenticated remote attackers to take control of servers, posing a major risk due to the platform's widespread use and integration with sensitive enterprise systems. The flaw, named "Ni8mare," is a path traversal issue where ...
Read More » -
CISA Flags Spyware Zero-Day in Urgent Security Alert
US authorities issued a critical security alert for a high-risk vulnerability in Samsung mobile devices, exploited since mid-2024 to install spyware via malicious files on WhatsApp. The vulnerability, CVE-2025-21042 with a CVSS score of 9.8, enables attackers to use LandFall spyware for surveilla...
Read More » -
Oracle Issues Urgent Patch for Critical E-Business Suite Flaw
Oracle has released an urgent security patch for a critical vulnerability (CVE-2025-61884) in its E-Business Suite, which can be exploited remotely without authentication to access confidential information. The vulnerability, with a CVSS score of 7.5, affects EBS versions 12.2.3 to 12.2.14, and O...
Read More » -
Critical Windows Admin Center Flaw Exposed by Microsoft (CVE-2026-26119)
Microsoft has patched a critical privilege-escalation vulnerability (CVE-2026-26119) in Windows Admin Center, which could allow attackers with basic credentials to gain elevated system rights. The flaw, involving improper authentication, is remotely exploitable with low complexity and no user int...
Read More » -
Pyodide Sandbox Escape Leads to Grist-Core RCE Vulnerability
A critical vulnerability in Grist-Core allowed remote code execution via a malicious spreadsheet formula, enabling attackers to compromise the host system. The flaw involved escaping the Python sandbox to execute arbitrary commands, turning a spreadsheet into an active attack tool, especially ris...
Read More » -
Critical WatchGuard VPN Flaw Actively Exploited
A critical, actively exploited vulnerability (CVE-2025-14733) in WatchGuard's Fireware OS allows unauthenticated remote attackers to execute arbitrary code on affected systems. The flaw impacts systems using specific IKEv2 VPN configurations, and patches are available for most supported versions,...
Read More » -
Patch Now: CISA Warns of Active Oracle Identity Manager Attack
A critical vulnerability (CVE-2025-61757) in Oracle Identity Manager is being actively exploited, allowing unauthenticated attackers to execute arbitrary code via HTTP. CISA has urgently added this flaw to its Known Exploited Vulnerabilities catalog, advising immediate patching or isolation of af...
Read More » -
Cisco Patches Actively Exploited Zero-Day RCE Vulnerability
Cisco has patched a critical, actively exploited zero-day vulnerability (CVE-2026-20045) that allows remote attackers to gain root control over its communication platforms by sending malicious HTTP requests. The flaw impacts multiple products including Unified Communications Manager and Webex Cal...
Read More » -
Unpatched Gogs Bug Actively Exploited, CISA Warns
A critical vulnerability (CVE-2025-8110) in the Gogs platform is being actively exploited, allowing authenticated users to achieve remote code execution by overwriting files via a symbolic link flaw. Over 700 Gogs instances have already been compromised, with no official patch yet available, thou...
Read More » -
Critical RCE Flaw in Western Digital My Cloud NAS (CVE-2025-30247)
Western Digital has released a critical firmware update (version 5.31.108) to fix a severe remote code execution vulnerability (CVE-2025-30247) in multiple My Cloud NAS models, urging immediate installation to prevent unauthorized access and system takeover. The vulnerability is an OS command inj...
Read More »