Vulnerabilities

Cisco Switches Affected by Reboot Loops Caused by DNS Client Bug

Several Cisco switch models are unexpectedly entering reboot loops after reporting critical DNS client errors, according to recent reports compiled by BleepingComputer. The issue appears to have started around 2 AM, when a firmware problem in the switches’ DNS client service began treating DNS lookup failures as fatal errors. This caused the affected switches to […]

Cisco Switches Affected by Reboot Loops Caused by DNS Client Bug Read More »

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro has issued urgent security updates for multiple vulnerabilities affecting on-premise Windows deployments of Apex Central, including a critical flaw that could allow attackers to execute arbitrary code with elevated privileges. The most severe issue, tracked as CVE-2025-69258, has been assigned a CVSS score of 9.8, placing it among the highest risk vulnerabilities. According to Trend

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions Read More »

Cisco Patches ISE Security Flaw Following Public PoC Exploit Release

Cisco has issued updates to fix a medium-severity vulnerability affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), after a publicly available proof-of-concept (PoC) exploit was released. The flaw, tracked as CVE-2026-20029 with a CVSS score of 4.9, resides in the licensing functionality and could allow a remote, authenticated attacker with administrative

Cisco Patches ISE Security Flaw Following Public PoC Exploit Release Read More »

Coolify Reveals 11 Critical Vulnerabilities Allowing Full Server Compromise on Self-Hosted Instances

Security researchers have disclosed 11 high-impact security vulnerabilities affecting Coolify, an open-source self-hosting and application deployment platform. The flaws could allow attackers to bypass authentication controls and execute arbitrary commands, potentially resulting in complete server and infrastructure compromise on self-hosted instances. Overview of the Disclosed Vulnerabilities The identified issues primarily stem from command injection, improper

Coolify Reveals 11 Critical Vulnerabilities Allowing Full Server Compromise on Self-Hosted Instances Read More »

CISA Flags Microsoft Office and HPE OneView Vulnerabilities as Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security vulnerabilities affecting Microsoft Office and HPE OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence that the flaws are being actively abused by threat actors. The move highlights growing concerns about unpatched enterprise software being leveraged in real-world attacks. Vulnerabilities Added to KEV Catalog The following security

CISA Flags Microsoft Office and HPE OneView Vulnerabilities as Actively Exploited Read More »

Ongoing Attacks Target Legacy D-Link DSL Routers via Critical RCE Vulnerability

Cybersecurity researchers have reported ongoing attacks exploiting a critical vulnerability in legacy D-Link DSL gateway routers. The flaw, tracked as CVE-2026-0625, has a CVSS score of 9.3 and enables unauthenticated remote attackers to execute arbitrary code on affected devices. Command Injection in DNS Configuration Endpoint The vulnerability stems from improper sanitization of user-supplied DNS parameters in the dnscfg.cgi endpoint. Exploitation allows

Ongoing Attacks Target Legacy D-Link DSL Routers via Critical RCE Vulnerability Read More »

Critical n8n Vulnerability (CVSS 10.0) Lets Unauthenticated Attackers Take Full Control

Cybersecurity researchers have disclosed a maximum-severity vulnerability in n8n, a widely used workflow automation platform, that allows unauthenticated attackers to gain complete control over vulnerable instances. The flaw, tracked as CVE-2026-21858 and named Ni8mare by Cyera Research Labs, carries a CVSS score of 10.0. Security researcher Dor Attias discovered and reported the issue on November 9, 2025. Unauthenticated Exploit Lets Attackers Access Sensitive

Critical n8n Vulnerability (CVSS 10.0) Lets Unauthenticated Attackers Take Full Control Read More »

Unpatched Firmware Vulnerability Leaves TOTOLINK EX200 Open to Full Remote Device Takeover

The CERT Coordination Center (CERT/CC) has issued a security advisory detailing a serious unpatched vulnerability affecting the TOTOLINK EX200 wireless range extender, which could allow a remote attacker to gain complete control over the device. The vulnerability, tracked as CVE-2025-65606, originates from improper error handling within the device’s firmware upload mechanism. Although no CVSS score has been

Unpatched Firmware Vulnerability Leaves TOTOLINK EX200 Open to Full Remote Device Takeover Read More »

Critical AdonisJS Bodyparser Vulnerability (CVSS 9.2) Allows Arbitrary File Write on Servers

Users of the @adonisjs/bodyparser npm package are being urged to update immediately after the disclosure of a critical security vulnerability that could allow remote attackers to write arbitrary files on affected servers. The issue is tracked as CVE-2026-21440 and carries a CVSS score of 9.2, indicating high severity. According to project maintainers, the flaw stems from a path traversal vulnerability within AdonisJS’s

Critical AdonisJS Bodyparser Vulnerability (CVSS 9.2) Allows Arbitrary File Write on Servers Read More »

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet has reported active abuse of a long-standing security vulnerability in FortiOS SSL VPN that allows bypassing two-factor authentication (2FA) under specific configurations. The flaw, tracked as CVE-2020-12812 with a CVSS score of 5.2, arises due to improper authentication handling that lets users log in without being prompted for the second authentication factor if the

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability Read More »