Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request.
The post Recent GeoServer Vulnerability Exploited in Attacks appeared first on SecurityWeek.
CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack
CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack appeared first on SecurityWeek.
Critical WatchGuard Firebox Vulnerability Exploited in Attacks
Tracked as CVE-2025-9242 (CVSS score of 9.3), the flaw leads to unauthenticated, remote code execution on vulnerable firewalls.
The post Critical WatchGuard Firebox Vulnerability Exploited in Attacks appeared first on SecurityWeek.
CISA Warns of CWP Vulnerability Exploited in the Wild
A critical vulnerability in Control Web Panel (CWP), tracked as CVE-2025-48703, allows remote, unauthenticated command execution.
The post CISA Warns of CWP Vulnerability Exploited in the Wild appeared first on SecurityWeek.
CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog
Broadcom has updated its advisory on CVE-2025-41244 to mention the vulnerability’s in-the-wild exploitation.
The post CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog appeared first on SecurityWeek.
CISA Warns of Exploited DELMIA Factory Software Vulnerabilities
Two DELMIA Apriso flaws can be chained together to gain privileged access to the application and execute arbitrary code remotely.
The post CISA Warns of Exploited DELMIA Factory Software Vulnerabilities appeared first on SecurityWeek.
CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities
Leading to code execution, authentication bypass, and privilege escalation, the flaws were added to CISA’s KEV list.
The post CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities appeared first on SecurityWeek.
CISA Confirms Exploitation of Latest Oracle EBS Vulnerability
The cybersecurity agency has added CVE-2025-61884 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Confirms Exploitation of Latest Oracle EBS Vulnerability appeared first on SecurityWeek.
Organizations Warned of Exploited Adobe AEM Forms Vulnerability
A public PoC existed when Adobe patched the Experience Manager Forms (AEM Forms) bug in early August.
The post Organizations Warned of Exploited Adobe AEM Forms Vulnerability appeared first on SecurityWeek.
Organizations Warned of Exploited Meteobridge Vulnerability
Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges.
The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek.