CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

June 26, 2025

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

CISA has confirmed that a maximum severity vulnerability in AMI’s MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks.
The MegaRAC BMC firmware provides remote …

Published Date:
Jun 26, 2025 (2 hours, 28 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-54085

CVE-2023-34329

Source: Read More

Previous ArticleSurge in Attacks Targeting MOVEit Transfer Systems – 100+ Unique IPs Used by Attackers

Next Article Cisco ISE-servers via kritieke kwetsbaarheden volledig over te nemen

Highlights

CVE-2025-5122 – Leaflet Map Block for WordPress Stored XSS Vulnerability

May 29, 2025

CVE ID : CVE-2025-5122

Published : May 29, 2025, 9:15 a.m. | 15 minutes ago

Description : The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-54473 – Joomla Phoca Commander Authenticated Remote Code Execution

What Is a Fractional CMO, and Is It the Right Choice for You?

AustralianSuper, Rest, ART Among Victims in Widespread Superannuation Cyberattacks

CVE-2025-40909: Perl Threads Vulnerability Exposes File Operation Race Condition

CVE-2025-5122 – Leaflet Map Block for WordPress Stored XSS Vulnerability

PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers

Technical difficulties or cyber attack? Ingram Micro’s website goes down just in time for the holiday weekend

CVE-2025-31223 – Apple Safari Web Content Memory Corruption

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

Related Posts