- A newly discovered critical vulnerability in the Next.js framework allows attackers to crash self-hosted servers using a single HTTP request, requiring negligible resources to execute. Discovered by researchers at Harmony Intelligence, the denial-of-service (DoS) flaw affects widespread versions of the framework, including the latest 15.x branch prior to the patch. The vulnerability resides in the […] The post New Unauthenticated DoS Vulnerability Crashes Next.js Servers with a Single Request appeared first on Cyber Security News.
- A significant issue has been disclosed that affects multiple versions of the identity and access management platform. The flaw stems from a hardcoded default encryption key used for password storage, allowing attackers with database access to recover plaintext passwords. The vulnerability impacts Apache Syncope when configured to store user passwords in the internal database with […] The post Apache Syncope Vulnerability Allows Attacker to Access Internal Database Content appeared first on Cyber Security News.
- A critical security flaw has been discovered in HashiCorp’s Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials. The vulnerability, tracked as CVE-2025-13357, affects organizations using LDAP authentication with Vault. The security issue stems from an incorrect default configuration in Vault’s Terraform Provider. Specifically, the provider set the deny_null_bind parameter […] The post HashiCorp Vault Vulnerability Allow Attackers to Authenticate to Vault Without Valid Credentials appeared first on Cyber Security News.
- A critical remote code execution (RCE) vulnerability has been identified in Microsoft’s Update Health Tools (KB4023057), a widely deployed Windows component designed to expedite security updates through Intune. The flaw stems from the tool connecting to dropped Azure Blob storage accounts that attackers could register and control. How the Vulnerability Works: the vulnerability exists in version 1.0 of the Update […] The post Microsoft’s Update Health Tools Configuration Vulnerability Let Attackers Execute Arbitrary Code Remotely appeared first on Cyber Security News.
- NVIDIA has disclosed two critical code injection vulnerabilities affecting its Isaac-GR00T robotics platform. The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, exist within Python components and could allow authenticated attackers to execute arbitrary code, escalate privileges, and alter system data. The flaws pose a significant threat to organizations deploying NVIDIA’s robotics solutions across industrial automation, research […] The post NVIDIA’s Isaac-GROOT Robotics Platform Vulnerability Let Attackers Inject Malicious Codes appeared first on Cyber Security News.
- A proof-of-concept exploit has been publicly released for CVE-2025-9501, a critical, unauthenticated command-injection vulnerability affecting W3 Total Cache, one of WordPress’s most widely deployed caching plugins. With over 1 million active installations, the vulnerability poses a significant risk to countless websites worldwide. RCE Security discovered that the flaw exists in W3 Total Cache’s dynamic content […] The post PoC released for W3 Total Cache Vulnerability that Exposes 1+ Million Websites to RCE Attacks appeared first on Cyber Security News.
- Tenda N300 wireless routers and 4G03 Pro portable LTE devices face severe security threats from multiple command injection vulnerabilities that allow attackers to execute arbitrary commands with root privileges. The affected devices currently lack vendor patches, leaving users vulnerable. The vulnerabilities stem from improper handling of user input within critical service functions on these Tenda […] The post Tenda N300 Vulnerabilities Let Attacker to Execute Arbitrary Commands as Root User appeared first on Cyber Security News.
- A concerning vulnerability has been found in DeepSeek-R1, a Chinese-developed artificial intelligence coding assistant. When the AI model encounters politically sensitive topics related to the Chinese Communist Party, it produces code with severe security flaws at rates up to 50% higher than usual. Released in January 2025 by Chinese AI startup DeepSeek, the R1 model initially appeared comparable […] The post DeepSeek-R1 Makes Code for Prompts With Severe Security Vulnerabilities appeared first on Cyber Security News.
- The Wireshark Foundation has rolled out a crucial security update for its widely used network protocol analyzer, addressing multiple vulnerabilities that could lead to denial-of-service conditions. The latest release, version 4.6.1, specifically targets flaws discovered in the Bundle Protocol version 7 (BPv7) and Kafka dissectors. These vulnerabilities, if left unpatched, allow attackers to forcibly crash […] The post Wireshark Vulnerabilities Let Attackers Crash by Injecting a Malformed Packet appeared first on Cyber Security News.
- The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to immediately address a critical security flaw in Oracle Identity Manager following reports of active exploitation. The vulnerability, tracked as CVE-2025-61757, allows unauthenticated remote attackers to execute arbitrary code on affected systems, posing a severe threat to enterprise and government networks. This warning comes in […] The post CISA Warns of Oracle’s Identity Manager RCE Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.