Elastic patches critical Kibana flaw allowing code execution

Elastic fixed a critical flaw in the Kibana data visualization dashboard software for Elasticsearch that could lead to arbitrary code execution. Elastic released security updates to address a critical vulnerability, tracked as CVE-2025-25012 (CVSS score of 9.9), impacting the Kibana data visualization dashboard software for Elasticsearch. Kibana provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line […]

CVE-2025-25012 impacts Kibana

thecyberthrone.in - 07/Mar 01:12

CVE-2025-25012 is a critical vulnerability identified in Elastic Kibana, a widely used data visualization and exploration platform for Elasticsearch....

WordPress Plugin Vulnerability Exposes 10,000 Sites to Code Execution Attacks

itsecuritynews.info - 05/Mar 15:04

A critical security flaw in the GiveWP Donation Plugin tracked as CVE-2025-0912, has exposed over 100,000 WordPress websites to unauthenticated remote...

Windows KDC Proxy RCE Vulnerability Allows Remote Server Takeover

itsecuritynews.info - 05/Mar 06:03

A recently patched remote code execution (RCE) vulnerability in Microsoft Windows’ Key Distribution Center (KDC) Proxy implementation allows...

Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras

securityaffairs.co - 07/Mar 19:18

Mirai-based botnets are exploiting a zero-day flaw, tracked as CVE-2025-1316, in Edimax IP cameras, to achieve remote command execution. US CISA warns...

CVE-2025-27364 affects MITRE Caldera

thecyberthrone.in - 01/Mar 05:01

CVE-2025-27364 is a critical Remote Code Execution (RCE) vulnerability identified in MITRE Caldera, a highly regarded cybersecurity platform used for...

CVE-2024-4577 impacts PHP and exploited in wild

thecyberthrone.in - 12:04

CVE-2024-4577 is a critical Remote Code Execution (RCE) vulnerability affecting PHP when running in CGI mode on Windows systems with Apache. This flaw...

U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog

securityaffairs.co - 23/Feb 15:07

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Power Pages vulnerability to its Known Exploited Vulnerabilities catalog....

NITDA Warns of ‘Malicious Viper’ Striking Critical Security Flaw in Jupiter X Core WordpPress Plugin

technologymirror.com.ng - 06/Mar 18:08

National Information Technology Development Agency (NITDA), has uncovered a critical security flaw in the Jupiter X Core plugin for WordPress,...

Cisco fixed command injection and DoS flaws in Nexus switches

securityaffairs.co - 28/Feb 11:59

Cisco addressed command injection and denial-of-service (DoS) vulnerabilities in some models of its Nexus switches. Cisco released security updates to...

PoC Exploit Released for F5 BIG-IP Command Injection Vulnerability

itsecuritynews.info - 24/Feb 05:32

Security researchers have disclosed critical details about CVE-2025-20029, a command injection vulnerability in F5’s BIG-IP Traffic Management...

Rubriques :