Cisco patched a maximum severity, CVSS 10.0, vulnerability in its IOS XE Software for wireless LAN controllers (WLCs).The vulnerability, tracked as CVE-2025-20188, could enable a remote, unauthenticated attacker to upload arbitrary files, achieve path traversal and execute arbitrary commands with root privileges on affected devices, according to a Cisco security advisory published Wednesday.This is due … Read more
SAP released a patch for a critical 10.0 vulnerability in its NetWeaver Visual Composer product that it observed attackers exploiting, uploading malicious webshells.Security experts expressed concern because many Fortune 500 companies and large government agencies use SAP.In a blog post that originally ran April 22 and was updated April 25, ReliaQuest researchers said the bug … Read more
Mozilla patched a Firefox browser vulnerability that was discovered after a similar Google Chrome flaw was found to be actively exploited in potential espionage campaigns.The critical flaw, tracked as CVE-2025-2857, could enable an attacker to escape the Firefox browser’s sandbox protection on Windows machines due to an error in the browser’s inter-process communication (IPC) code, … Read more
Feb 12, 2025Ravie LakshmananNetwork Security / Vulnerability Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below – CVE-2024-38657 (CVSS score: 9.1) – External control of a file … Read more
QNAP on Jan. 23 issued patches for six bugs in the open-source Rsync software that helps manage its popular network-attached storage (NAS) devices that are primarily used for backup and disaster recovery. In its advisory, QNAP said the bugs affect HBS 3 Hybrid Backup Sync 25.1.x NAS devices, and recommended that customers update those systems … Read more