Oracle released a security advisory to address a critical zero-day vulnerability impacting the E-Business Suite. Tracked as CVE-2025-61882, the vulnerability has a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to achieve remote code execution. Security reports suggest the vulnerability is actively exploited in Clop data theft attacks.
Tag: Remote Code Execution Vulnerability
Cisco IOS and IOS XE Software Vulnerability Exploited in the Wild (CVE-2025-20352)
Cisco released a security advisory to address an actively exploited vulnerability, tracked as CVE-2025-20352, impacting Cisco IOS and IOS XE Software. Successful exploitation of the vulnerability may allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition. A high-privileged attacker may execute arbitrary code as the root user and …
SolarWinds Web Help Desk Remote Code Execution Vulnerability (CVE-2025-26399)
SolarWinds released a security advisory to address a critical severity vulnerability impacting its Web Help Desk software. Tracked as CVE-2025-26399, the vulnerability has a CVSS score of 9.8. Successful exploitation of this vulnerability may allow an unauthenticated attacker to execute arbitrary code on the target system.
CISA Warns of Sitecore Experience Platform Zero-day Vulnerability (CVE-2025-53690)
Attackers are exploiting a zero-day vulnerability in Sitecore Experience Manager (XM) and Sitecore Experience Platform (XP) tracked as CVE-2025-53690. The vulnerability has a critical severity rating with a CVSS score of 9.0. Successful exploitation of the vulnerability may lead to remote code execution and unauthorized access to information. Mandiant Threat Defense identified active exploitation of …
Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability (CVE-2025-20265)
Cisco addressed a critical severity vulnerability impacting its Secure Firewall Management Center Software. Tracked as CVE-2025-20265, the vulnerability has a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to inject arbitrary shell commands executed by the device.
Anthropic Model Context Protocol (MCP) Inspector Remote Code Execution Vulnerability (CVE-2025-49596)
A critical remote code execution vulnerability has been discovered in Anthropic’s open‑source tool, MCP Inspector, which is widely used by AI developers for debugging Model Context Protocol (MCP) servers. Tracked as CVE-2025-49596, the vulnerability has a CVSS score of 9.4. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code …
WingFTP Critical Remote Code Execution Vulnerability (CVE-2025-47812)
Julien Ahrens from RCE Security discovered a critical security vulnerability impacting WingFTP. Tracked as CVE-2025-47812, the vulnerability has a CVSS score of 10. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code, leading to complete system compromise.
Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-20281 & CVE-2025-20282)
Cisco addresses two critical severity vulnerabilities impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 & CVE-2025-20282, both vulnerabilities have a CVSS score of 10. Successful exploitation of the vulnerabilities may allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
Invision Community Remote Code Execution Vulnerability (CVE-2025-47916)
A critical remote code execution vulnerability (CVE-2025-47916) in Invision Community has come to light. The vulnerability may allow attackers to execute arbitrary code on the target system. Because Invision Community is so popular, the vulnerability puts countless forums and online communities at serious risk.
vBulletin Remote Code Execution Vulnerabilities Exploited in the Wild (CVE-2025-48827 & CVE-2025-48828)
Security researchers at Karma(In)Security discovered two unauthenticated remote code execution vulnerabilities in vBulletin, a popular commercial forum solution. Successful exploitation of the vulnerability tracked as CVE-2025-48828 may allow a remote, unauthenticated attacker to execute arbitrary code, leading to critical data loss and complete system compromise.