Critical Archives - Online Tech

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

Admin22 hours ago03 mins mins

Ravie LakshmananJan 29, 2026Vulnerability / Software Security SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE). The list of vulnerabilities is as follows – CVE-2025-40536 (CVSS score: 8.1) – A security control bypass vulnerability…

Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More

Admin5 days ago023 mins mins

Ravie LakshmananJan 26, 2026Hacking News / Cybersecurity Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly. Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming…

Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

Admin2 weeks ago03 mins mins

Ravie LakshmananJan 15, 2026Web Security /Vulnerability A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all versions of the plugin prior to and…

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Admin2 weeks ago03 mins mins

Ravie LakshmananJan 14, 2026Vulnerability / Patch Management Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. “An improper neutralization…

Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances

Admin3 weeks ago03 mins mins

Jan 08, 2026Ravie LakshmananVulnerability / Container Security Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows – CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality…

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution

Admin4 weeks ago03 mins mins

Dec 30, 2025Ravie LakshmananVulnerability / Email Security The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of…

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

Admin1 month ago02 mins mins

Dec 23, 2025Ravie LakshmananVulnerability / Workflow Automation A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. Security researcher Fatih Çelik has…

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

Admin1 month ago02 mins mins

Dec 18, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-59374 (CVSS score: 9.3), has been described as an “embedded malicious code vulnerability” introduced…

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

Admin2 months ago03 mins mins

Dec 15, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations. The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below –…

Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

Admin2 months ago06 mins mins

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by…