Tag: RCE
Cybersecurity Threat Advisory: Critical Veeam backup flaws
Veeam has released Patch 12.3.2.4165 for Backup & Replication and Version 6.3.2.1302 for Veeam Agent for Microsoft Windows, addressing three serious vulnerabilities. These include two critical remote code execution (RCE) flaws (CVE-2025-48983, CVE-2025-48984) and one high-severity local privilege escalation (LPE)...
Cybersecurity Threat Advisory: Critical Oracle EBS flaw
Oracle released an emergency update for its E-Business Suite to address the critical vulnerability CVE-2025-61882 ( with a CVSS of 9.8) because it was actively being exploited by threat actors, particularly the Cl0p ransomware group, in a recent wave of...
Cybersecurity Threat Advisory: RCE vulnerability in SolarWinds WHD
A critical remote code execution (RCE) vulnerability, CVE-2025-26399, has been identified in SolarWinds Web Help Desk (WHD) and remains exploitable despite previous fixes. The flaw allows unauthenticated attackers to execute arbitrary code on vulnerable servers, leading to a full system...
Cybersecurity Threat Advisory: Severe GoAnywhere MFT vulnerability
Fortra disclosed a critical vulnerability in GoAnywhere Managed File Transfer (MFT), tracked as CVE-2025-10035, with a CVSS score of 10.0. The flaw allows attackers to execute remote code without authentication. Review this Cybersecurity Threat Advisory to keep your systems safe....
Cybersecurity Threat Advisory: Critical WatchGuard firewall flaw
A critical remote-code execution (RCE) vulnerability in WatchGuard Firebox, tracked as CVE-2025-9242 with a CVSS score of 9.3, allows unauthenticated attackers to execute arbitrary code. Review the information in this Cybersecurity Threat Advisory to learn more. What is the threat?...
Cybersecurity Threat Advisory: Critical flaw in DELMIA Apriso MOM software
CISA has added CVE-2025-5086, a critical remote code execution (RCE) vulnerability in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software, to its catalog following confirmed active exploitation. Review the details of this Cybersecurity Threat Advisory to keep your system...
Cybersecurity Threat Advisory: Critical FreePBX zero-day vulnerability
Researchers have discovered a zero-day vulnerability in Sangoma FreePBX, identified as CVE-2025-57819. This flaw allows unauthenticated remote attackers to take control of affected PBX systems, potentially resulting in remote code execution (RCE), arbitrary database manipulation, and full system compromise. Review...
Cybersecurity Threat Advisory: Citrix patches NetScaler flaws
Citrix has issued patches for three zero-day vulnerabilities affecting NetScaler ADC and Gateway, including one that attackers have already begun exploiting. Review the details in this Cybersecurity Threat Advisory to reduce your risk from these threats. What is the threat?...
Cybersecurity Threat Advisory: Critical SAP NetWeaver vulnerabilities
Researchers have uncovered a chained vulnerability in SAP NetWeaver Visual Composer involving authentication bypass and insecure deserialization. These critical flaws—tracked as CVE-2025-31324 and CVE-2025-42999—are currently being exploited in an active threat campaign targeting exposed Visual Composer servers. Review the details...
Cybersecurity Threat Advisory: Critical PaperCut NG/MF CSRF flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533, a critical PaperCut NG/MF print management software vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. Attackers are actively exploiting this cross-site request forgery (CSRF) flaw in the wild. Review...
