Kibana released a security advisory to address a critical severity tracked as CVE-2025-25014. Successful exploitation of the prototype pollution vulnerability may lead to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
Tag: Arbitrary Code Execution Vulnerability
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability (CVE-2025-20188)
Cisco released a security advisory to address a vulnerability in its IOS XE Wireless Controller that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system. Tracked as CVE-2025-20188, the vulnerability has a critical severity rating with a CVSS score of 10.
Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2024-37287)
Kibana, a data visualization tool, released a patch to address a critical severity flaw that may allow an attacker to perform arbitrary code execution on target systems. Tracked as CVE-2024-37287, the vulnerability has a CVSS score of 9.9.
Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)
Ivanti released a security advisory to address ten vulnerabilities in its Endpoint Manager. The vulnerabilities are given critical and high security vulnerabilities. On successful exploitation, an attacker with access to the internal network can execute arbitrary SQL queries and retrieve output without needing authentication. This can then allow the attacker control over machines running the … Continue reading “Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)”
Ivanti Patches Multiple Vulnerabilities Impacting Avalanche Mobile Device Management Solution (CVE-2024-24996 & CVE-2024-29204)
Ivanti released a security advisory to address 27 medium, high, and critical severity vulnerabilities in its mobile device management solution Avalanche. CVE-2024-24996 and CVE-2024-29204 are the two vulnerabilities that have been given critical severity ratings. Successful exploitation of the vulnerabilities may allow remote attackers to trigger denial-of-service attacks, execute arbitrary commands as SYSTEM, read sensitive … Continue reading “Ivanti Patches Multiple Vulnerabilities Impacting Avalanche Mobile Device Management Solution (CVE-2024-24996 & CVE-2024-29204)”
CISA Added Adobe and Cisco vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2023-21608 & CVE-2023-20109)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has acknowledged the active exploitation of two vulnerabilities. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog on Tuesday. CISA has recommended that users apply the vendor-released patches before October 31, 2023, to secure their networks against potential threats. The two vulnerabilities added by CISA are: CVE-2023-21608 CVE-2023-20109
Apple Patched Three Zero-days Affecting iOS, iPadOS, macOS Ventura, Safari (CVE-2023-41991, CVE-2023-41992, & CVE-2023-41993)
Apple has released emergency updates to address three zero-day vulnerabilities in multiple popular products. Tracked as CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993, the vulnerabilities may allow attackers to elevate privileges, perform arbitrary code execution, and bypass signature validation. Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat … Continue reading “Apple Patched Three Zero-days Affecting iOS, iPadOS, macOS Ventura, Safari (CVE-2023-41991, CVE-2023-41992, & CVE-2023-41993)”
Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)
An arbitrary code execution vulnerability affecting Apex One and Worry-Free Business Security is being exploited in the wild. CVE-2023-41179 has been given a CVSS score of 9.1 with a severity rating of critical. Successful exploitation of the vulnerability may allow an attacker with administrative console access to execute arbitrary code on the target system. Trend Micro … Continue reading “Trend Micro Patches Zero-day Arbitrary Code Execution Vulnerability in Apex One and Worry-Free Business Security (CVE-2023-41179)”
Multiple Vulnerabilities in Notepad++ Allow Attackers to Perform Arbitrary Code Execution
Notepad++ is vulnerable to multiple buffer overflow vulnerabilities that may allow attackers to execute arbitrary code on target systems. The CVEs are being tracked as CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, and CVE-2023-40166. These vulnerabilities’ severity ratings and CVSS scores range from 5.5 (Medium) to 7.8 (High). Jaroslav Lobačevski discovered the vulnerabilities from GHSL. Don Ho developed Notepad++. … Continue reading “Multiple Vulnerabilities in Notepad++ Allow Attackers to Perform Arbitrary Code Execution”
Adobe ColdFusion Vulnerabilities Exploited in the Attacks in Dropping Webshell (CVE-2023-29298, CVE-2023-29300, and CVE-2023-38203)
Attackers exploit two Adobe ColdFusion vulnerabilities to bypass authentication and perform remote code execution. CVE-2023-29298 and CVE-2023-38203 can be chained to conduct attacks on Adobe ColdFusion environments. CISA has added CVE-2023-29298 and CVE-2023-38205 to its Known Exploited Vulnerabilities Catalog, recommending users patch before August 10. On January 8, 2024, CISA added the CVE-2023-29300 and CVE-2023-38203 … Continue reading “Adobe ColdFusion Vulnerabilities Exploited in the Attacks in Dropping Webshell (CVE-2023-29298, CVE-2023-29300, and CVE-2023-38203)”
