Vulnerabilities Archives - Page 20 Of 20

Critical Tableau Server Flaw Allows Attackers to Upload and Execute Malicious Files

August 25, 2025

A severe security flaw has been discovered in Tableau Server, which could allow attackers to upload and execute malicious files, leading to full system takeover. This vulnerability, tracked as CVE-2025-26496 with a CVSS score of 9.6, impacts several versions of Tableau Server and Tableau Desktop on both Windows and Linux platforms. Key Highlights Tableau Server […]

Critical Tableau Server Flaw Allows Attackers to Upload and Execute Malicious Files Read More »

Windows Docker Desktop Flaw Enables Full Host Compromise

August 22, 2025

A newly revealed security flaw in Docker Desktop for Windows shows how a simple Server-Side Request Forgery (SSRF) attack can completely compromise the host machine. The issue, tracked as CVE-2025-9074, was discovered by Felix Boulet and reported on August 21, 2025. It affects all Docker Desktop releases prior to version 4.44.3. The flaw demonstrates a

Windows Docker Desktop Flaw Enables Full Host Compromise Read More »

Chinese Hackers Murky, Genesis, Glacial Panda Intensify Cloud and Telecom Espionage

August 22, 2025

Cybersecurity researchers have raised alarms over increasing cyber-espionage activity linked to China-based threat groups. Among them, Murky Panda, Genesis Panda, and Glacial Panda have been spotlighted for aggressively targeting cloud infrastructures and telecommunications networks to harvest sensitive intelligence. Murky Panda Exploiting Cloud Relationships A recent CrowdStrike report highlights that Murky Panda, also known as Silk

Chinese Hackers Murky, Genesis, Glacial Panda Intensify Cloud and Telecom Espionage Read More »

Commvault Pre-Auth Exploit Chains Could Allow Remote Code Execution

August 22, 2025

Commvault has issued critical security updates to patch four vulnerabilities that could allow attackers to execute remote code on vulnerable systems. Affected Versions The flaws exist in Commvault versions prior to 11.36.60. The vulnerabilities are: Discovery and Fixes The vulnerabilities were discovered by Sonny Macdonald and Piotr Bazydlo from watchTowr Labs in April 2025. Commvault

Commvault Pre-Auth Exploit Chains Could Allow Remote Code Execution Read More »

CISA Issues Four ICS Advisories on Vulnerabilities and Exploits

August 21, 2025

On August 19, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released four detailed Industrial Control Systems (ICS) advisories, warning of serious security flaws in critical infrastructure sectors such as energy and manufacturing. The reported issues carry CVSS severity scores between 5.8 and 9.8, highlighting the urgent need for action from administrators and security teams.

CISA Issues Four ICS Advisories on Vulnerabilities and Exploits Read More »

Rockwell ControlLogix Ethernet Flaw Enables Remote Code Execution

August 18, 2025

A severe security flaw has been identified in Rockwell Automation’s ControlLogix Ethernet communication modules. This issue could allow remote attackers to execute arbitrary code on industrial control systems, posing a high risk to manufacturing and automation operations. The vulnerability, tracked as CVE-2025-7353, has been rated with a CVSS score of 9.8, placing it in the

Rockwell ControlLogix Ethernet Flaw Enables Remote Code Execution Read More »

Critical PostgreSQL Flaws Enable Code Injection in Restorations

August 18, 2025

The PostgreSQL Global Development Group has rolled out emergency security updates across all supported versions to fix three newly discovered vulnerabilities that expose organizations to arbitrary code execution risks during database restoration processes. These vulnerabilities affect PostgreSQL versions 13 through 17, with security patches available in the latest releases: 17.6, 16.10, 15.14, 14.19, and 13.22.

Critical PostgreSQL Flaws Enable Code Injection in Restorations Read More »

Over 1000 N-able N-central RMM Servers Exposed to 0-Day

August 18, 2025

Over 1,000 N-able N-central Servers Exposed to Critical Zero-Day Vulnerabilities More than 1,000 exposed and unpatched N-able N-central Remote Monitoring and Management (RMM) servers are at risk due to two newly identified zero-day vulnerabilities (CVE-2025-8875 and CVE-2025-8876). According to data confirmed on August 15, 2025, 1,077 unique IPs were detected running outdated N-central versions. This

Over 1000 N-able N-central RMM Servers Exposed to 0-Day Read More »

Microsoft IIS Web Deploy Flaw Allows Remote Code Execution

August 16, 2025

A high-severity vulnerability has been identified in Microsoft’s Web Deploy tool that could allow authenticated attackers to perform remote code execution (RCE) on vulnerable systems. The flaw, tracked as CVE-2025-53772, was revealed on August 12, 2025, and has been assigned a CVSS score of 8.8, making it a significant security concern. Technical Details The issue

Microsoft IIS Web Deploy Flaw Allows Remote Code Execution Read More »

ImageMagick Vulnerabilities Trigger Memory Corruption, Overflows

August 16, 2025

Multiple ImageMagick Vulnerabilities Expose Users to Memory Corruption and Integer Overflow Risks Security experts have identified four critical vulnerabilities in ImageMagick, one of the most popular open-source image processing tools, potentially putting millions of users at risk. Discovered by researcher “urban-warrior” and reported three days ago, the flaws include two high-risk issues that could allow

ImageMagick Vulnerabilities Trigger Memory Corruption, Overflows Read More »