#remote-code-execution
#remote-code-execution
[ follow ]
#cybersecurity #vulnerabilities #vulnerability #commvault #security-vulnerabilities #sharepoint #microsoft
fromZDNET
1 week agoUpdate your Samsung phone ASAP to patch this zero-day flaw exploited in the wild
Samsung has issued a patch to resolve a critical vulnerability impacting its Android smartphone users. All impacted phone models will receive the fix, which patches a vulnerability tracked as . The security flaw, issued a critical base score of 8.8 by Samsung Mobile (a CNA), is described as an "out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code."
Information security
Information security
fromThe Hacker News
1 week agoChaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Multiple critical Chaos Mesh vulnerabilities allow minimal in-cluster attackers to execute commands, disrupt services, steal tokens, and potentially achieve cluster-wide takeover.
Information security
fromThe Hacker News
1 month agoFreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available
A critical CVE-2025-57819 FreePBX vulnerability enables unauthenticated arbitrary database manipulation and remote code execution; internet-exposed ACPs should be upgraded and restricted.
fromGameSpot
1 month agoCall Of Duty: WW2 Is Once Again Available For PC Game Pass After Reportedly Serious Security Issue
Activision has brought Call of Duty: World War II back to the Microsoft Store and Xbox PC App after it was removed more than a month ago, though the company has still not said a word about what happened. A statement released on August 27 confirmed that the 2017 game has returned, and is once again available for PC Game Pass players. However, there was no explanation as to anything else related to the game's removal on July 4.
Video games
fromThe Hacker News
1 month agoCISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git
CVE-2024-8068 (CVSS score: 5.1) - An improper privilege management vulnerability in Citrix Session Recording that could allow for privilege escalation to NetworkService Account access when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain CVE-2024-8069 (CVSS score: 5.1) - A deserialization of untrusted data vulnerability in Citrix Session Recording that allows limited remote code execution with the privileges of a NetworkService Account access when an attacker is an authenticated user on the same intranet as the session recording server
Information security
#commvault
fromTechzine Global
5 months agoInformation security
Commvault vulnerability poses serious risk to company data
Commvault's Command Center has a serious vulnerability (CVE-2025-34028) that allows remote code execution.
Organizations must ensure their systems are updated to version 11.38.20 to mitigate the risk.
fromThe Hacker News
1 month agoGoogle's August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild
The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6) by the chipmaker back in June 2025.
Privacy technologies
fromTechCrunch
2 months agoActivision took down Call of Duty game after PC players hacked, says source | TechCrunch
The game is not safe to play on PC right now, there's an RCE exploit, which allows hackers the ability to plant malware capable of essentially taking control of a victim's device.
Video games
fromThe Hacker News
3 months agoHPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass
These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure vulnerabilities.
Information security
[ Load more ]