-
A critical XML External Entity (XXE) vulnerability has been disclosed in the Syncope identity management console. The flaw could allow administrators to expose sensitive user data and compromise session security inadvertently. The vulnerability, tracked as CVE-2026-23795, affects multiple versions of the platform and requires immediate patching. The improper restriction of XML External Entity references in […] The post Apache Syncope Vulnerability Let Attackers Hijack User Sessions appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models. The flaw, tracked as CVE-2026-0709, stems from insufficient input validation in device firmware, potentially allowing attackers with valid credentials to execute arbitrary commands on affected systems. The vulnerability carries a CVSS v3.1 base score of 7.2, indicating a […] The post Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw in Apache Struts could allow attackers to trigger disk exhaustion attacks, rendering affected systems unusable. The vulnerability, tracked as CVE-2025-64775, stems from a file leak in multipart request processing that enables denial-of-service conditions. Apache Struts researcher discovered the vulnerability in Apache Struts’ multipart request processing mechanism. The flaw allows attackers to […] The post Apache Struts Vulnerability Let Attackers Trigger Disk Exhaustion Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenVPN has released critical security updates for its 2.6 stable and 2.7 development branches, addressing three vulnerabilities that could lead to local denial-of-service (DoS), security bypasses, and buffer over-reads. The patches, included in the newly released version 2.6.17 and 2.7_rc3, fix issues ranging from logic errors in HMAC verification to stability flaws in the Windows […] The post OpenVPN Vulnerabilities Let Hackers Triggers Dos Attack and Bypass Security Checks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
OpenAI has patched a command injection flaw in its Codex CLI tool that allowed attackers to execute arbitrary commands on developers’ machines simply by getting a malicious configuration file into a project repository. The issue, now fixed in Codex CLI version 0.23.0, effectively turned routine use of the codex command into a silent remote‑code‑execution trigger. […] The post OpenAI Codex CLI Command Injection Vulnerability Let Attackers Execute Arbitrary Commands appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability in Microsoft Azure API Management (APIM) Developer Portal enables attackers to register accounts across different tenant instances, even when administrators have explicitly disabled user signup through the portal interface. The flaw, which Microsoft has classified as “by design,” remains unpatched as of December 1, 2025, leaving organizations potentially exposed to unauthorized […] The post Microsoft Azure API Management Flaw Enables Cross-Tenant Account Creation, Bypassing Admin Restrictions appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in the Apache bRPC framework that could allow remote attackers to crash servers by sending specially crafted JSON data. The flaw, tracked as CVE-2025-59789, affects all versions of Apache bRPC before 1.15.0 across all platforms. The vulnerability exists in the json2pb component of Apache bRPC, which converts JSON data to Protocol […] The post Critical Apache bRPC Framework Vulnerability Let Attackers Crash the Server appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413. Dubbed “MonikerLink,” this flaw allows attackers to bypass Outlook’s security mechanisms, specifically the “Protected View,” to execute malicious code or steal credentials. The release of this PoC highlights the continued risk posed by […] The post PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The Cybersecurity and Infrastructure Security Agency (CISA) has officially updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical flaw in OpenPLC ScadaBR, confirming that threat actors are actively weaponizing it in the wild. The security defect, identified as CVE-2021-26829, is a Cross-Site Scripting (XSS) vulnerability rooted in the system_settings.shtm component of ScadaBR. While […] The post CISA Warns of OpenPLC ScadaBR cross-site scripting vulnerability Exploited in Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. The patches, rolled out in versions 18.6.1, 18.5.3, and 18.4.5, fix security flaws that could allow attackers to bypass authentication, steal user credentials, or crash servers through Denial-of-Service (DoS) attacks. Security experts and GitLab administrators are being urged […] The post Gitlab Patches Multiple Vulnerabilities that Enable Authentication Bypass and DoS Attacks appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
