vulnerability

SAP Patches Critical Vulnerabilities With December 2025 Security Updates

2025-12-10 at 14:39, by Ionut Arghire. Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution. Source: SecurityWeek.

Intel, AMD Processors Affected by PCIe Vulnerabilities

2025-12-10 at 10:22, by Eduard Kovacs. The PCIe flaws, found by Intel employees, can be exploited for information disclosure, escalation of privilege, or DoS. Source: SecurityWeek.

The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes

2025-12-10 at 08:53, by Ashish Khaitan. Cyble Vulnerability Intelligence researchers tracked 591 vulnerabilities in the last week, and more than 30 already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities. A total of 69 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 26 received a critical severity

Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerability 

2025-12-10 at 08:53, by Ashish Khaitan. The vulnerability disclosure cycle has entered a new era, one where the gap between publication and weaponization is measured in minutes, not days. It has been confirmed that China-nexus threat actors began actively exploiting a critical React Server Components flaw, React2Shell,

Microsoft Patches 57 Vulnerabilities, Three Zero-Days

2025-12-10 at 00:44, by Ionut Arghire. Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges. Source: SecurityWeek.

Adobe Patches Nearly 140 Vulnerabilities

2025-12-10 at 00:44, by Ionut Arghire. The Experience Manager security update resolves 117 vulnerabilities, including 116 identified as cross-site scripting (XSS) bugs. Source: SecurityWeek.

Critical Apache Tika Vulnerability Leads to XXE Injection

2025-12-08 at 13:58, by Ionut Arghire. The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files. Source: SecurityWeek.

Exploitation of React2Shell Surges

2025-12-08 at 12:00, by Eduard Kovacs. An increasing number of threat actors have been attempting to exploit the React vulnerability CVE-2025-55182 in their attacks. Source: SecurityWeek.

Chinese Hackers Exploiting React2Shell Vulnerability

2025-12-05 at 10:30, by Eduard Kovacs. AWS has seen multiple China-linked threat groups attempting to exploit the React vulnerability CVE-2025-55182. Source: SecurityWeek.

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)

2025-12-04 at 14:32, by Zeljka Zorz. A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code execution on the application server, the React development team warned on Wednesday. The maximum-severity vulnerability was privately reported by Lachlan Davidson and has

React2Shell: In-the-Wild Exploitation Expected for Critical React Vulnerability

2025-12-04 at 12:11, by Eduard Kovacs. A researcher has pointed out that only instances using a newer feature are impacted by CVE-2025-55182. Source: SecurityWeek.

Critical King Addons Vulnerability Exploited to Hack WordPress Sites

2025-12-03 at 15:39, by Ionut Arghire. A critical-severity vulnerability in the King Addons for Elementor plugin for WordPress has been exploited to take over websites. Source: SecurityWeek.

Chrome 143 Patches High-Severity Vulnerabilities

2025-12-03 at 10:52, by Ionut Arghire. Chrome 143 stable was released with patches for 13 vulnerabilities, including a high-severity flaw in the V8 JavaScript engine. Source: SecurityWeek.

Android’s December 2025 Updates Patch Two Zero-Days

2025-12-02 at 15:15, by Ionut Arghire. Google warns that two out of the 107 vulnerabilities patched in Android this month have been exploited in limited, targeted attacks. Source: SecurityWeek.

Vulnerability in OpenAI Coding Agent Could Facilitate Attacks on Developers

2025-12-02 at 14:02, by Eduard Kovacs. The Codex CLI vulnerability tracked as CVE-2025-61260 can be exploited for command execution. Source: SecurityWeek.

CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack

2025-12-01 at 13:14, by Eduard Kovacs. CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog. Source: SecurityWeek.

Fluent Bit Vulnerabilities Expose Cloud Services to Takeover

2025-11-25 at 15:47, by Ionut Arghire. Five flaws in the open source tool may lead to path traversal attacks, remote code execution, denial-of-service, and tag manipulation. Source: SecurityWeek.

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day

2025-11-21 at 15:47, by Eduard Kovacs. CVE-2025-61757 is an unauthenticated remote code execution vulnerability affecting Oracle Identity Manager. Source: SecurityWeek.

SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance

2025-11-21 at 14:41, by Ionut Arghire. The vulnerabilities could be exploited to cause a denial-of-service (DoS) condition, execute arbitrary code, or access arbitrary files and directories. Source: SecurityWeek.

SquareX and Perplexity Quarrel Over Alleged Comet Browser Vulnerability

2025-11-21 at 13:20, by Eduard Kovacs. SquareX claims to have found a way to abuse a hidden Comet API to execute local commands, but Perplexity says the research is fake. Source: SecurityWeek.
