Saturday, April 25, 2026

Tag: Vulnerability

Persistent XSS Vulnerability in IPFire Web Interface via Authenticated Administrator

In a critical security advisory, researchers have disclosed a stored cross-site scripting (XSS) vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi). Tracked as CVE-2025-50975, the vulnerability enables any authenticated administrator to inject arbitrary JavaScript that remains persistently stored in firewall rule parameters. When other...

Critical 0-Day RCE Vulnerability in Citrix NetScaler ADC & Gateway Under Active Exploitation

A critical security bulletin warns that attackers are actively exploiting a zero-day remote code execution vulnerability in NetScaler ADC and Gateway products. The vulnerability, tracked as CVE-2025-7775, has a critical CVSS v4.0 base score of 9.2 and enables attackers to execute arbitrary code remotely...

PhpSpreadsheet Library Vulnerability Allows Injection of Malicious HTML

A critical Server-Side Request Forgery (SSRF) vulnerability has been discovered in the popular PHP library PhpSpreadsheet, allowing attackers to inject arbitrary HTML content that triggers HTTP requests from the server. Tracked as CVE-2025-54370 and published under GitHub Security Advisory GHSA-rx7m-68vc-ppxh, the vulnerability affects a...

Apple 0-Day RCE Vulnerability: PoC Exploit and Analysis Released

A detailed proof-of-concept exploit and vulnerability analysis have been released for CVE-2025-43300, a critical zero-click remote code execution vulnerability affecting Apple devices. The vulnerability, which Apple acknowledges may have been exploited in sophisticated targeted attacks, represents one of the most dangerous iOS vulnerabilities discovered in recent years. CVE-2025-43300...

New QUIC-LEAK Vulnerability Exposes Servers to Memory Exhaustion and Denial-of-Service

A critical vulnerability in the widely used LSQUIC QUIC implementation allows attackers to crash servers through memory exhaustion before any connection handshake is established. The vulnerability, designated CVE-2025-54939 and dubbed "QUIC-LEAK," bypasses all standard QUIC protection mechanisms and affects the second most popular QUIC...

Copilot Vulnerability Exposes Audit Logs and Grants Secret Access to Attackers

A critical security vulnerability in Microsoft's M365 Copilot allowed users to access sensitive files without generating audit log entries, effectively enabling insider threats to operate undetected. The vulnerability, discovered in July and quietly patched in August, highlights serious concerns about audit trail integrity and...