#command-injection

Information security
from The Hacker News
6 days ago

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

An unsafe deserialization flaw (CVE-2025-10035) in Fortra GoAnywhere permits unauthenticated command injection and has been actively exploited in the wild since at least September 10, 2025.
Information security
from SecurityWeek
1 week ago

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers

A command-injection vulnerability in Libraesva ESG allows arbitrary shell command execution via crafted compressed email attachments; patches are available for ESG 5.x, while 4.x is discontinued.
Information security
from The Hacker News
2 weeks ago

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Multiple critical Chaos Mesh vulnerabilities allow attackers with minimal in-cluster access to execute commands, disrupt services, steal tokens, and potentially achieve cluster-wide takeover.
Information security
from The Hacker News
1 month ago

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

Phishing emails deliver RAR archives whose filenames contain Base64-encoded Bash commands that execute VShell via shell command injection when file names are parsed.