CVE CyberSecurity Database News (Page 225)

Feb 20, 2025 RCE

CVE-2025-24893 - XWiki 'SolrSearch' Remote Code Execution Vulnerability Exploited by Unauthenticated Users

Recently, a critical vulnerability—CVE-2025-24893—was discovered in the XWiki Platform, a powerful and widely-used open-source wiki engine. What makes this issue especially severe is

Feb 20, 2025 Exploit

CVE-2024-55457 - MasterSAM Star Gate 11 Vulnerable to Directory Traversal via /adama/adama/downloadService (Exploit & Analysis)

In June 2024, a critical directory traversal vulnerability was discovered in MasterSAM Star Gate 11, a popular web-based access management solution. Tracked as CVE-2024-55457, this

Feb 20, 2025 RCE API

CVE-2025-0868 - Remote Code Execution in DocsGPT via /api/remote and Unsafe JSON Parsing

Summary: A critical vulnerability (CVE-2025-0868) has been found in popular open-source documentation assistant DocsGPT, versions .8.1 through .12.. If you're running an

Feb 20, 2025 RCE Windows Microsoft API Exploit

CVE-2025-27218 - Critical Remote Code Execution in Sitecore XM/XP 10.4 via Insecure Deserialization

Sitecore is a popular enterprise-grade content management system used by organizations worldwide. In March 2025, a serious vulnerability was identified in Sitecore Experience Manager (XM)

Feb 20, 2025

CVE-2025-1293 - How Weak JWT Validation in Hermes (<=.4.) Let Attackers Slip Past AWS ALB Authentication

In the world of cloud-native services, security issues can quickly ripple out and create huge risks for organizations. One such issue was discovered in Hermes—