Topic: remote code execution
-
Patch Now: FortiWeb Pre-Auth RCE Exploits Released
A critical vulnerability (CVE-2025-25257, 9.8/10 severity) in Fortinet's FortiWeb WAF allows unauthenticated remote code execution via SQL injection, requiring immediate patching. Exploits leverage improper SQL sanitization in the Fabric Connector, enabling attackers to inject malicious commands ...
Read More » -
Active Exploits Target Critical Wing FTP Server Flaw (CVE-2025-47812)
A critical remote code execution flaw (CVE-2025-47812) in Wing FTP Server is being actively exploited, allowing unauthenticated attackers to execute arbitrary system commands with elevated privileges. The vulnerability stems from improper input validation in Wing FTP's web interfaces, enabling Lu...
Read More » -
Microsoft Warns of Active Attacks on On-Prem SharePoint Servers
Microsoft warns of active cyberattacks targeting on-premises SharePoint servers, risking sensitive data in critical industries like government and healthcare. Attackers bypass MFA and SSO protections, exploiting vulnerabilities (CVE-2025-53770 and CVE-2025-53771) to steal data and compromise link...
Read More » -
Patch Now: Public Exploits for FortiWeb RCE Flaw (CVE-2025-25257)
CVE-2025-25257 is a critical remote code execution flaw in FortiWeb's Fabric Connector, allowing attackers to inject SQL commands via HTTP/S requests and gain root access, prompting urgent patching. Public proof-of-concept exploits have emerged, lowering the attack barrier, with unauthent...
Read More » -
Roundcube RCE Flaw (CVE-2025-49113) Sparks Dark Web Attack Fears
A critical vulnerability (CVE-2025-49113) in Roundcube webmail allows attackers to execute malicious code, putting thousands of unpatched servers at risk, with exploit code already circulating. Around 84,000 exposed Roundcube installations, primarily in Europe, Asia, and North America, include hi...
Read More »
