ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
New Tool Released to Detect Cisco Secure Email Gateway 0-Day Vulnerability Exploited in the Wild
A lightweight Python script to help organizations quickly identify exposure to CVE-2025-20393, a critical zero-day vulnerability in Cisco Secure Email Gateway (SEG) and Secure Malware Analytics (SMA), also known as Cisco
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability
WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as
Roundcube Vulnerabilities Allow Attackers to Execute Malicious Scripts
Roundcube Webmail has released critical security updates addressing two significant vulnerabilities affecting versions 1.6 and 1.5 LTS. The flaws could enable attackers to execute malicious scripts and gain unauthorized
New critical WatchGuard Firebox firewall flaw exploited in attacks
WatchGuard has warned customers to patch a critical, actively exploited remote code execution (RCE) vulnerability in its Firebox firewalls. [...]
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager
Cisco disclosed a critical zero-day (CVE-2025-20393) in Secure Email Gateway and Secure Email and Web Manager, actively exploited by a China-linked group. Cisco disclosed a critical zero-day, tracked as CVE-2025-20393, i
WatchGuard 0-day Vulnerability Exploited in the Wild to Hijack Firewalls
An urgent security update has been released to fix a critical zero-day vulnerability in WatchGuard Firebox firewalls. With warnings that hackers are already actively exploiting the flaw in the wild to take control of aff
CVE-2025-65037 - Azure Container Apps Remote Code Execution Vulnerability
CVE ID : CVE-2025-65037 Published : Dec. 18, 2025, 10:16 p.m. | 35 minutes ago Description : Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute
CVE-2025-65041 - Microsoft Partner Center Elevation of Privilege Vulnerability
CVE ID : CVE-2025-65041 Published : Dec. 18, 2025, 10:16 p.m. | 35 minutes ago Description : Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. Se
CVE-2025-64663 - Custom Question Answering Elevation of Privilege Vulnerability
CVE ID : CVE-2025-64663 Published : Dec. 18, 2025, 10:16 p.m. | 35 minutes ago Description : Custom Question Answering Elevation of Privilege Vulnerability Severity: 9.9 | CRITICAL Visit the link for more details, s
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw
Hewlett Packard Enterprise (HPE) fixed a critical OneView flaw that could allow attackers to achieve remote code execution. Hewlett Packard Enterprise (HPE) addressed a maximum-severity security vulnerability, tracked as
CVE-2025-64236 - WordPress Tuturn plugin < 3.6 - Broken Authentication vulnerability
CVE ID : CVE-2025-64236 Published : Dec. 18, 2025, 4:21 p.m. | 30 minutes ago Description : Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse.This
CVE-2025-65007 - Missing Authentication for Critical Function in WODESYS WD-R608U router
CVE ID : CVE-2025-65007 Published : Dec. 18, 2025, 3:15 p.m. | 1 hour, 35 minutes ago Description : In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of authentication in the configuration
HPE Patches Critical Flaw in IT Infrastructure Management Software
Tracked as CVE-2025-37164, the critical flaw could allow unauthenticated, remote attackers to execute arbitrary code. The post HPE Patches Critical Flaw in IT Infrastructure Management Software appeared first on Security
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution. The critical vulnerability, assigned the CVE iden
HPE OneView Software Vulnerability Let Attackers Execute Remote Code
A critical security alert warns customers about a severe vulnerability in HPE OneView Software that could allow remote attackers to execute arbitrary code without authentication. The flaw, tracked as CVE-2025-37164, carr
Cisco Unified Contact Center Express Vulnerabilities Enables Remote Code Execution Attacks
A critical security advisory addressing multiple severe vulnerabilities in Cisco Unified Contact Center Express (Unified CCX). That could allow unauthenticated remote attackers to execute arbitrary commands and compromis
Hackers Hijacking VNC Connections to Gain Access to OT Control Devices in Critical Infrastructure
A coalition of U.S. and international cybersecurity agencies issued a stark warning this week about pro-Russia hacktivists exploiting exposed Virtual Network Computing (VNC) connections to infiltrate operational technolo
Critical Apache Commons Text Vulnerability Enables Remote Code Execution Attacks
A newly disclosed security flaw in Apache Commons Text, tracked as CVE-2025-46295, has been identified as a remote code execution (RCE) vulnerability. That could allow attackers to compromise systems using vulnerable ver
Critical Vulnerability in Popular Node.js Library Exposes Windows Systems to RCE Attacks
A serious security flaw has been discovered in systeminformation, a popular Node.js library used by thousands of developers. The vulnerability, labelled CVE-2025-68154, allows attackers to run malicious code on Windows c
SonicWall Patches Exploited SMA 1000 Zero-Day
The medium-severity flaw has been exploited in combination with a critical bug for remote code execution. The post SonicWall Patches Exploited SMA 1000 Zero-Day appeared first on SecurityWeek.