#command-injection

Information security
from SecurityWeek
16 hours ago

Organizations Warned of Exploited Meteobridge Vulnerability

A Meteobridge command-injection vulnerability (CVE-2025-4008) has been exploited in attacks and added to CISA's Known Exploited Vulnerabilities catalog.
Information security
from The Hacker News
17 hours ago

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

Meteobridge contains a command-injection vulnerability (CVE-2025-4008) that allows unauthenticated remote attackers to execute arbitrary commands as root; the vulnerability is actively exploited and is patched in version 6.
Information security
from The Hacker News
1 week ago

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

An unsafe deserialization flaw (CVE-2025-10035) in Fortra GoAnywhere permits unauthenticated command injection and was actively exploited in the wild by at least September 10, 2025.
Information security
from SecurityWeek
1 week ago

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers

A command-injection vulnerability in Libraesva ESG allows arbitrary shell command execution via crafted compressed email attachments; patches are available for ESG 5.x, while 4.x is discontinued.
Information security
from The Hacker News
2 weeks ago

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Multiple critical Chaos Mesh vulnerabilities allow in-cluster attackers with minimal access to execute commands, disrupt services, steal tokens, and potentially achieve cluster-wide takeover.
Information security
from The Hacker News
1 month ago

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

Phishing emails deliver RAR archives whose filenames contain Base64-encoded Bash commands that execute VShell via shell command injection when file names are parsed.