Remote Code Execution
Kubernetes Ingress-nginx Remote Code Execution Vulnerability (CVE-2025-1974)
Overview Recently, NSFOCUS CERT detected that Kubernetes issued a security announcement and fixed the Kubernetes Ingress-nginx remote code execution vulnerability (CVE-2025-1974). The Ingress controller deployed in Kubernetes Pod can be accessed through ...
Apache Tomcat: Vulnerable versions downloaded nearly 100K times since PoC
A rapidly exploited vulnerability with a major blast radius A recently disclosed vulnerability in Apache Tomcat, CVE-2025-24813, is drawing significant attention due to its ease of exploitation, rapid adoption by attackers, and ...
Disposal Advisory for Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813)
Vulnerability Overview Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813) NSFOCUS Detection Methods NSFOCUS Remote Security Assessment System (RSAS), Web Vulnerability Scanning System (WVSS) and Network Intrusion Detection System (IDS) have the ability ...
Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813)
Overview Recently, NSFOCUS CERT detected that Apache issued a security announcement and fixed the remote code execution vulnerability of Apache Tomcat (CVE-2025-24813). An unauthenticated attacker can execute arbitrary code to gain server ...
Oracle WebLogic Server Remote Code Execution and Denial of Service Vulnerability (CVE-2025-21535/CVE-2025-21549)
Overview Recently, NSFOCUS CERT detected that Oracle has released a security announcement, in which the remote code execution and denial of service vulnerabilities of Oracle WebLogic Server have been fixed. Affected users ...
0.0.0.0 Day: 18-Year-Old Browser Flaw Affects Linux and macOS
Oligo Security’s research team recently uncovered a critical vulnerability dubbed the “0.0.0.0 Day” affecting Chromium, Firefox, and Safari browsers on macOS and Linux systems. This vulnerability allows malicious websites to bypass standard ...
Vulnerabilities for AI and ML Applications are Skyrocketing
In their haste to deploy LLM tools, organizations may overlook crucial security practices. The rise in threats like Remote Code Execution indicates an urgent need to improve security measures in AI development ...
ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
Uncover critical security flaws in ConnectWise ScreenConnect (CVE-2024-1709 & CVE-2024-1708) posing remote code execution risks. Actively exploited in the wild. The post ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708) appeared first on Indusface ...
Critical PixieFail Vulnerabilities Lead to RCE and DoS Attacks
A set of critical security vulnerabilities has been found in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification. Named PixieFail by Quarkslab, ...
GitHub Vulnerability: Key Rotation Amid High-Severity Threat
In recent developments, GitHub, a Microsoft-owned subsidiary, has taken proactive measures to address a security vulnerability potentially exposing credentials within production containers. In this article, we’ll analyze the GitHub vulnerability incident, shedding ...
