Vulnerabilities

Critical n8n Vulnerability (CVSS 10.0) Lets Unauthenticated Attackers Take Full Control

Cybersecurity researchers have disclosed a maximum-severity vulnerability in n8n, a widely used workflow automation platform, that allows unauthenticated attackers to gain complete control over vulnerable instances. The flaw, tracked as CVE-2026-21858 and named Ni8mare by Cyera Research Labs, carries a CVSS score of 10.0. Security researcher Dor Attias discovered and reported the issue on November 9, 2025. Unauthenticated Exploit Lets Attackers Access Sensitive […]

Critical n8n Vulnerability (CVSS 10.0) Lets Unauthenticated Attackers Take Full Control Read More »

Unpatched Firmware Vulnerability Leaves TOTOLINK EX200 Open to Full Remote Device Takeover

The CERT Coordination Center (CERT/CC) has issued a security advisory detailing a serious unpatched vulnerability affecting the TOTOLINK EX200 wireless range extender, which could allow a remote attacker to gain complete control over the device. The vulnerability, tracked as CVE-2025-65606, originates from improper error handling within the device’s firmware upload mechanism. Although no CVSS score has been

Unpatched Firmware Vulnerability Leaves TOTOLINK EX200 Open to Full Remote Device Takeover Read More »

Critical AdonisJS Bodyparser Vulnerability (CVSS 9.2) Allows Arbitrary File Write on Servers

Users of the @adonisjs/bodyparser npm package are being urged to update immediately after the disclosure of a critical security vulnerability that could allow remote attackers to write arbitrary files on affected servers. The issue is tracked as CVE-2026-21440 and carries a CVSS score of 9.2, indicating high severity. According to project maintainers, the flaw stems from a path traversal vulnerability within AdonisJS’s

Critical AdonisJS Bodyparser Vulnerability (CVSS 9.2) Allows Arbitrary File Write on Servers Read More »

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet has reported active abuse of a long-standing security vulnerability in FortiOS SSL VPN that allows bypassing two-factor authentication (2FA) under specific configurations. The flaw, tracked as CVE-2020-12812 with a CVSS score of 5.2, arises due to improper authentication handling that lets users log in without being prompted for the second authentication factor if the

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability Read More »

CISA Flags Actively Exploited Digiever NVR Vulnerability Enabling RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active attacks. The flaw, identified as CVE-2023-52163 with a CVSS score of 8.8, allows post-authentication remote code execution through a command injection vulnerability.

CISA Flags Actively Exploited Digiever NVR Vulnerability Enabling RCE Read More »

Critical n8n Flaw with CVSS 9.9 Allows Arbitrary Code Execution Across Thousands of Instances

Cybersecurity researchers have revealed a highly severe security flaw in the n8n workflow automation platform that could allow attackers to execute arbitrary code on vulnerable systems under specific conditions. The vulnerability is tracked as CVE-2025-68613 and has received a CVSS score of 9.9, placing it among the most critical software flaws disclosed this year. The issue was identified

Critical n8n Flaw with CVSS 9.9 Allows Arbitrary Code Execution Across Thousands of Instances Read More »

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability

WatchGuard has issued an urgent security advisory after confirming active exploitation of a critical vulnerability in its Fireware OS. The flaw affects VPN functionality and has already been observed being abused in real world attacks, prompting immediate patching recommendations for all affected customers. The vulnerability, tracked as CVE-2025-14733, carries a CVSS score of 9.3 and is

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability Read More »

Cisco Warns of Active Attacks Exploiting Unpatched Zero Day in AsyncOS Email Security Appliances

Cisco has issued an urgent warning about an actively exploited zero day vulnerability affecting Cisco AsyncOS software. The flaw is being leveraged by a China aligned advanced persistent threat actor tracked as UAT 9686 in attacks against Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. Cisco said it became aware of the

Cisco Warns of Active Attacks Exploiting Unpatched Zero Day in AsyncOS Email Security Appliances Read More »

HPE OneView Flaw CVSS 10.0 Enables Unauthenticated Remote Code Execution

Hewlett Packard Enterprise (HPE) has addressed a critical security vulnerability in its OneView software that, if exploited, could allow remote code execution without authentication. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS score of 10.0, highlighting its severity. HPE OneView is an IT infrastructure management platform that provides centralized control over systems and operations

HPE OneView Flaw CVSS 10.0 Enables Unauthenticated Remote Code Execution Read More »

CISA Flags Critical ASUS Live Update Flaw Following Evidence of Active Exploitation

The United States Cybersecurity and Infrastructure Security Agency has added a critical security flaw affecting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing confirmed evidence of active exploitation. The alert highlights renewed concerns around a long standing supply chain issue tied to the ASUS software ecosystem. The vulnerability, tracked as CVE-2025-59374 with a

CISA Flags Critical ASUS Live Update Flaw Following Evidence of Active Exploitation Read More »