rce

Critical Command Injection (CVE-2025-54416) in tj-actions/branch-names GitHub Action Exposes 5,000+ Repos

• Vulnerability Report

Critical Command Injection (CVE-2025-54416) in tj-actions/branch-names GitHub Action Exposes 5,000+ Repos

Ddos July 28, 2025 0

A critical command injection vulnerability has been disclosed in the widely used GitHub Action tj-actions/branch-names, affecting over...

Read More Read more about Critical Command Injection (CVE-2025-54416) in tj-actions/branch-names GitHub Action Exposes 5,000+ Repos

RCE, SSRF & Data Exposure: Salesforce Patches 8 Serious Flaws in Tableau Server

• Vulnerability Report

RCE, SSRF & Data Exposure: Salesforce Patches 8 Serious Flaws in Tableau Server

Ddos July 28, 2025 0

Salesforce has released a security advisory addressing eight serious vulnerabilities affecting multiple versions of Tableau Server, the...

Read More Read more about RCE, SSRF & Data Exposure: Salesforce Patches 8 Serious Flaws in Tableau Server

Popular ‘is’ JavaScript Library & Others Compromised in npm Supply Chain Attack

• Malware

Popular ‘is’ JavaScript Library & Others Compromised in npm Supply Chain Attack

Ddos July 26, 2025 0

The lightweight JavaScript utility library is is a widely popular project on the NPM platform, boasting over...

Read More Read more about Popular ‘is’ JavaScript Library & Others Compromised in npm Supply Chain Attack

Buffer Overflows & XSS in SonicWall SMA 100 Expose Devices to RCE – Patch Immediately!

• Vulnerability Report

Buffer Overflows & XSS in SonicWall SMA 100 Expose Devices to RCE – Patch Immediately!

Ddos July 24, 2025 0

SonicWall has released a security updates for its Secure Mobile Access (SMA) 100 series appliances, addressing three...

Read More Read more about Buffer Overflows & XSS in SonicWall SMA 100 Expose Devices to RCE – Patch Immediately!

Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

• Vulnerability Report

Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

Ddos July 24, 2025 0

In a recent security advisory coordinated by CERT@VDE, Weidmueller has disclosed multiple critical vulnerabilities affecting its IE-SR-2TX...

Read More Read more about Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

TP-Link NVR Update: Command Injection Flaws Expose Devices to Remote Code Execution

• Vulnerability Report

TP-Link NVR Update: Command Injection Flaws Expose Devices to Remote Code Execution

Ddos July 24, 2025 0

TP-Link has issued a security advisory warning users of two critical operating system command injection vulnerabilities affecting...

Read More Read more about TP-Link NVR Update: Command Injection Flaws Expose Devices to Remote Code Execution

CVE-2025-31700 & CVE-2025-31701: Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE

• Vulnerability Report

CVE-2025-31700 & CVE-2025-31701: Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE

Ddos July 24, 2025 0

Dahua Technology has issued a security advisory addressing two high-severity vulnerabilities in its IP camera product line,...

Read More Read more about CVE-2025-31700 & CVE-2025-31701: Buffer Overflow Flaws in Dahua IP Cameras Expose Devices to RCE

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise

• Vulnerability Report

18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise

Ddos July 24, 2025 0

Samsung’s widely used MagicINFO 9 Server, a digital signage management platform, was found multi security vulnerabilities. Security...

Read More Read more about 18 Serious Flaws (CVSS up to 9.8) Expose Samsung MagicINFO 9 Servers to Full Compromise

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770

• Vulnerability

Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770

Ddos July 23, 2025 0

A newly released Metasploit module highlights the critical threat posed by an actively exploited remote code execution...

Read More Read more about Metasploit Module Released for Actively Exploited Microsoft SharePoint Flaw CVE-2025-53770

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices

• Vulnerability

Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices

Ddos July 23, 2025 0

SonicWall has issued a critical security advisory for a newly identified vulnerability—CVE-2025-40599—affecting its SMA 100 series appliances,...

Read More Read more about Critical Arbitrary File Upload Vulnerability in SonicWall SMA 100 Series Devices

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available

• Vulnerability

RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available

Ddos July 23, 2025 0

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with Schneider Electric, has issued a security advisory...

Read More Read more about RCEs in Schneider Electric EcoStruxure Power Operation: Actively Exploited, Public PoCs Available

Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE

• Vulnerability Report

Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE

Ddos July 23, 2025 0

A critical vulnerability has been uncovered in the widely used JavaScript library Form-Data, impacting millions of applications...

Read More Read more about Critical Flaw (CVE-2025-7783, CVSS 9.4) in Form-Data Library Exposes Millions of Apps to Multipart Injection & RCE

Microsoft: China-Backed APTs Actively Exploiting SharePoint Flaws (CVE-2025-49704 & CVE-2025-49706)

• Cybercriminals
• Vulnerability Report

Microsoft: China-Backed APTs Actively Exploiting SharePoint Flaws (CVE-2025-49704 & CVE-2025-49706)

Ddos July 23, 2025 0

Last week, the Microsoft Security Response Center (MSRC) issued an urgent advisory regarding active exploitation of critical...

Read More Read more about Microsoft: China-Backed APTs Actively Exploiting SharePoint Flaws (CVE-2025-49704 & CVE-2025-49706)

Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately!

• Vulnerability Report

Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately!

Ddos July 22, 2025 0

Cisco has issued an urgent update to its security advisory, revealing that three critical remote code execution...

Read More Read more about Urgent: Cisco ISE Flaws (CVSS 10.0) Actively Exploited in the Wild – Patch Immediately!

Urgent Sophos Firewall Update: Two Critical RCE Flaws (CVE-2025-6704, CVE-2025-7624) Patched via Hotfixes

• Vulnerability Report

Urgent Sophos Firewall Update: Two Critical RCE Flaws (CVE-2025-6704, CVE-2025-7624) Patched via Hotfixes

Ddos July 22, 2025 0

Sophos has issued a security advisory detailing the remediation of five vulnerabilities in Sophos Firewall, including two...

Read More Read more about Urgent Sophos Firewall Update: Two Critical RCE Flaws (CVE-2025-6704, CVE-2025-7624) Patched via Hotfixes

Critical Flaw (CVE-2025-24936, CVSS 9.0) in Nokia WaveSuite NOC Expose Telecom Networks to RCE

• Vulnerability Report

Critical Flaw (CVE-2025-24936, CVSS 9.0) in Nokia WaveSuite NOC Expose Telecom Networks to RCE

Ddos July 22, 2025 0

Nokia’s WaveSuite NOC (WS-NOC) platform—an integral part of network operations for telecom and enterprise environments— exists two...

Read More Read more about Critical Flaw (CVE-2025-24936, CVSS 9.0) in Nokia WaveSuite NOC Expose Telecom Networks to RCE

Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately!

• Vulnerability Report

Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately!

Ddos July 21, 2025 0

A critical remote command execution (RCE) vulnerability has been discovered in Livewire, the popular full-stack framework for...

Read More Read more about Critical Livewire RCE (CVE-2025-54068) Threatens Millions of Laravel Apps – Patch Immediately!

ToolShell: New SharePoint RCE Zero-Day Chain Under Active Global Exploitation

• Vulnerability Report

ToolShell: New SharePoint RCE Zero-Day Chain Under Active Global Exploitation

Ddos July 21, 2025 0

On the evening of July 18, 2025, Eye Security identified an active, large-scale exploitation of a newly...

Read More Read more about ToolShell: New SharePoint RCE Zero-Day Chain Under Active Global Exploitation

SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet!

• Vulnerability Report

SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet!

Ddos July 20, 2025 0

Microsoft has issued an urgent security advisory for on-premises SharePoint Server customers in response to active exploitation...

Read More Read more about SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet!

FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available!

• Vulnerability Report

FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available!

Ddos July 19, 2025 0

A critical SQL injection vulnerability in Fortinet FortiWeb, tracked as CVE-2025-25257, has been added to the CISA...

Read More Read more about FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available!