N-gated Hacker NewsDec 4
🚹 ALERT! 🚹 #NextJS finally achieved what we all thought impossible: a CVSS 10.0 vulnerability! 🎯 Bravo, they've hit the bullseye of FAIL! 🙈 It's always heartwarming when devs leave the #backdoor open for #hackers to make themselves at home. 🏠🔓
https://nextjs.org/blog/CVE-2025-66478 #Vulnerability #CVSS10 #SecurityFail #HackerNews #ngated
Security Advisory: CVE-2025-66478

A critical vulnerability (CVE-2025-66478) has been identified in the React Server Components protocol. Users should upgrade to patched versions immediately.

Jonas LejonMay 8, 2025

⚠ Kritisk sĂ„rbarhet i Cisco IOS XE Wireless Controller – godtycklig filuppladdning möjlig. CVSS-score pĂ„ 10 av 10 möjliga!

https://kryptera.se/kritisk-sarbarhet-i-cisco-ios-xe-wireless-controller-godtycklig-filuppladdning-mojlig/

#Cisco #IOSXE #CiscoWLC #CVSS10 #CVE202520188 #SÄrbarhet #InformationssÀkerhet #ITsÀkerhet #RootAccess #RCE #JWT #HardCodedCredentials #PathTraversal #WirelessLAN #Catalyst9800 #NÀtverkssÀkerhet #SÄrbarhetsanalys #Exploit #Cybersecurity #SecurityAdvisory

Kritisk sĂ„rbarhet i Cisco IOS XE Wireless Controller – godtycklig filuppladdning möjlig ‱ CybersĂ€kerhet och IT-sĂ€kerhet

Cisco publicerade igĂ„r information om en allvarlig sĂ„rbarhet med det maximala CVSS-betyget 10 av 10! SĂ„rbarheten pĂ„verkar Cisco IOS XE Software för Wireless LAN Controllers (WLCs) och kan utnyttjas av en obehörig extern angripare för att ladda upp godtyckliga filer till systemet. En lyckad attack kan i förlĂ€ngningen ge angriparen möjlighet att köra kommandon med [
]

CybersÀkerhet och IT-sÀkerhet
Marcel SIneM(S)USMay 18, 2024
#Patchday: #Intel schließt unter anderem kritische LĂŒcke mit Höchstwertung | Security https://www.heise.de/news/Patchday-Intel-schliesst-unter-anderem-kritische-Luecke-mit-Hoechstwertung-9722185.html #CVSS10
Patchday: Intel schließt unter anderem kritische LĂŒcke mit Höchstwertung

Der Chiphersteller löst mehrere Sicherheitsprobleme in verschiedenen Produkten. Betroffen sind etwa die UEFI-Firmware von Servern und ein KI-Tool.

heise online
Dr. Christopher KunzJan 12, 2024
GitLab admins: Get patchin'. Now. https://cku.gt/D4bjM
This 0day is exploited ITW as we speak, I have multiple reports of successful admin account takeovers.
#0day #gitlab #privesc #patchnow #cvss10
GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6

Learn more about GitLab Critical Security Release: 16.7.2, 16.6.4, 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).

GitLab
Joel BennettNov 29, 2023

This #owncloud graphapi vulnerability (seriously, phpinfo, in 2023?) is one of those things that only affect a fraction of users, but if you're affected, you'd better have already addressed it, because the #exploit is live.

https://arstechnica.com/security/2023/11/owncloud-vulnerability-with-a-maximum-10-severity-rating-comes-under-mass-exploitation/

#CVSS10

ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation

Easy-to-exploit flaw gives hackers passwords and cryptographic keys to vulnerable servers.

Ars Technica