The WordPress plugin “Crawlomatic Multipage Scraper Post Generator” was updated on Friday to patch a critical vulnerability that could lead to remote code execution (RCE).The flaw, tracked as CVE-2025-4369, has a CVSS score of 9.8 and affects all versions of Crawlomatic prior to version 2.6.8.2.Crawlomatic is a plugin by CodeRevolution that automatically scrapes websites for … Read more
Two critical flaws in the open-source Mongoose Object Data Modeling (ODM) library for MongoDB and Node.js, along with proof-of-concept (PoC) exploits for both vulnerabilities, were detailed in a blog post by OPSWAT on Thursday. The flaws are tracked as CVE-2024-53900 and CVE-2025-23061 and have critical CVSS 3 scores of 9.1 and 9.0, respectively.CVE-2024-53900, which was … Read more
Six vulnerabilities in the popular Rsync file-synchronizing tool were disclosed Wednesday, including critical and high-severity flaws that could risk remote code execution (RCE) and data leakage. The Rsync utility is commonly used in Unix-like operating systems, and the Rsync daemon is frequently used to synchronize and distribute files through public mirrors. The CERT Coordination Center … Read more
Industrial networking device maker Moxa on Jan. 3 released patches for two bugs in its cellular routers, secure routers, and network security appliances, many of which operate in the critical infrastructure sector. One of the bugs — CVE-2024-9140 — was a critical 9.3 flaw that could potentially allow a remote code execution (RCE), posing significant risk … Read more
Dec 27, 2024Ravie LakshmananVulnerability / Software Security The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and … Read more