#path-traversal

from The Register
2 weeks ago

Commvault releases patches for two pre-auth RCE bug chains

The first chain involves two vulnerabilities (CVE-2025-57791 and CVE-2025-57790), an argument injection in CommServe and a path traversal bug respectively. The severity scores for the flaws are not especially concerning on their own, but chained together they become more dangerous. In its advisory, Commvault describes CVE-2025-57791 as a vulnerability that allows attackers to retrieve a valid user session for a low-privilege role, assigning it a CVSS score of 6.9 (medium severity).
Information security
Privacy professionals
from The Hacker News
3 weeks ago

WinRAR Zero-Day Under Active Exploitation - Update to Latest Version Immediately

WinRAR released an update addressing CVE-2025-8088, a zero-day vulnerability causing path traversal and allowing arbitrary code execution.
Privacy technologies
from IT Pro
1 month ago

Microsoft patched a critical vulnerability in its NLWeb AI search tool - but there's no CVE (yet)

A critical flaw in NLWeb enables remote users to read sensitive files without authorization.
Privacy professionals
from The Verge
1 month ago

Microsoft's plan to fix the web with AI has already hit an embarrassing security flaw

A critical vulnerability in Microsoft's NLWeb protocol allows remote users to access sensitive files.