Articles tagged "CVE"

Found 351 articles

Apple has released security updates to address two vulnerabilities in WebKit, identified as CVE-2025-14174 and CVE-2025-43529, which are currently being exploited in the wild. The first vulnerability, CVE-2025-14174, was previously patched by Google for its Chrome desktop browser, but details were limited at that time. This flaw allows for out-of-bounds memory access, potentially enabling attackers to execute arbitrary code. Users of Apple devices, particularly those running Safari or any applications reliant on WebKit, should prioritize updating their systems to safeguard against these vulnerabilities. Ignoring these updates could leave devices exposed to active exploitation.

Read Original

MITRE has released its Top 25 list of dangerous software weaknesses for 2025, based on an analysis of nearly 40,000 Common Vulnerabilities and Exposures (CVEs). This list identifies the most critical flaws that could be exploited by attackers, affecting a wide range of software and hardware products. Developers and organizations need to be aware of these vulnerabilities to improve their security measures and protect against potential breaches. The findings serve as a crucial resource for cybersecurity professionals aiming to prioritize their efforts in addressing these weaknesses. By understanding and mitigating these risks, companies can better safeguard their systems and data from malicious actors.

Read Original
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

Hackread – Cybersecurity News, Data Breaches, AI, and More

Actively Exploited

In December 2025, researchers identified a serious vulnerability in React, designated as CVE-2025-55182, which has led to a surge in attacks on services that use React2Shell. This vulnerability affects numerous applications built with the React framework, making them targets for malicious actors. Attackers are exploiting this flaw to gain unauthorized access to systems, which could lead to data breaches or service disruptions. Organizations utilizing React-enabled services are urged to take immediate action to safeguard their systems. The situation is critical, as the exploitation of this vulnerability poses significant risks to businesses and users globally.

Read Original

The React team has identified and patched two significant vulnerabilities in React Server Components (RSC) that could lead to denial-of-service (DoS) attacks and exposure of source code. These issues were uncovered by security researchers while they were probing the existing patches for a previously disclosed critical bug (CVE-2025-55182) that had a CVSS score of 10.0, indicating its severity. This situation is concerning as it affects developers using React for building applications, potentially putting sensitive code at risk. The React team emphasizes the importance of applying these patches promptly to maintain application security.

Read Original

A serious security vulnerability in Gogs, a self-hosted Git service, is currently being exploited, affecting over 700 instances worldwide. This flaw, identified as CVE-2025-8110, has a CVSS score of 8.7 and allows attackers to overwrite files via the file update API. The lack of a patch means that many users are at risk, and researchers from Wiz have highlighted the urgency of addressing this issue. Companies using Gogs should take immediate action to secure their installations and monitor for any signs of compromise. The situation underscores the need for timely updates and vigilance in managing self-hosted services.

Read Original

Google has addressed a zero-day vulnerability in its Chrome browser that was actively exploited in the wild. This vulnerability, which does not have a CVE identifier, remains shrouded in mystery, as details about its origin and the specific components it affects are unclear. The lack of a CVE means users and security experts have limited information regarding the potential risks involved. However, the fact that it has been exploited means users should update their Chrome browsers promptly to safeguard against potential attacks. Keeping software up to date is crucial in mitigating risks associated with such vulnerabilities.

Read Original
It didn’t take long: CVE-2025-55182 is now under active exploitation

Securelist

Actively Exploited

CVE-2025-55182 is currently being exploited by threat actors, raising concerns about the potential for increased attacks. This vulnerability affects a range of systems, and researchers have noted that their honeypots are already being targeted. In addition to the exploitation, specific malware has been identified as part of these attacks, which could compromise the integrity of affected systems. It’s crucial for organizations to understand the implications of this vulnerability and take proactive measures to protect their infrastructure. Knowing how to defend against this threat is vital as the situation evolves.

Read Original

On December 2025 Patch Tuesday, a total of 57 Common Vulnerabilities and Exposures (CVEs) were reported, including one critical zero-day vulnerability and two others that have been publicly disclosed. The zero-day is particularly concerning as it is actively exploited, meaning attackers may already be using it to compromise systems. Users and organizations running affected software should prioritize applying the latest patches to mitigate these risks. The vulnerabilities impact various products and systems, highlighting the ongoing need for vigilance in cybersecurity practices. Keeping software updated is essential to defend against potential exploitation.

Read Original

AWS Security has reported that multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) within hours of its disclosure. Although this flaw does not affect AWS services, the rapid exploitation highlights the urgency for organizations to address this vulnerability to prevent potential breaches.

Read Original
Actively Exploited

The article discusses the rising exploitation of the React vulnerability CVE-2025-55182 by threat actors. This vulnerability poses a significant risk as it is being actively targeted in various attacks, highlighting the urgency for organizations to address it promptly.

Read Original
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

The Hacker News

A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.

Read Original

Google has addressed 51 vulnerabilities in Android, including two high-severity flaws (CVE-2025-48633 and CVE-2025-48572) that are potentially under targeted exploitation. Both vulnerabilities impact the Android Framework, which is essential for app development, and could allow malicious applications to access sensitive information.

Read Original

The article discusses a critical vulnerability in OpenAI's Codex CLI, identified as CVE-2025-61260, which allows for command execution. This vulnerability poses a significant risk to developers, as it could be exploited to facilitate various attacks. Immediate attention is required to mitigate potential threats stemming from this issue.

Read Original

The Festo Compact Vision System and related products have critical vulnerabilities that could allow unauthorized access and modification of configuration files, with a CVSS score of up to 9.8. Users are urged to implement security measures to mitigate the risk of exploitation, as these vulnerabilities could severely impact device security and integrity.

Read Original
PreviousPage 22 of 24Next