CVSS 10.0
-
Cisco patches maximum-severity flaw in Secure Workload
Cisco has patched a CVSS 10.0 flaw in Secure Workload that could let an unauthenticated remote attacker read sensitive data and make configuration changes. The company said it found the bug during internal testing and has seen no signs of abuse.
-
HPE fixes critical OneView flaw rated CVSS 10.0 that allows remote code execution
Hewlett Packard Enterprise has fixed a CVSS 10.0 vulnerability in OneView (CVE-2025-37164) that could allow unauthenticated remote code execution; patches, version 11.00 and hotfixes for earlier releases, are available and should be applied promptly.
-
Grafana patches CVSS 10.0 SCIM flaw that could allow impersonation
Grafana released updates to fix CVE-2025-41115, a CVSS 10.0 vulnerability in its SCIM provisioning component that could allow privilege escalation or user impersonation when specific configuration options are enabled; affected Enterprise versions and fixed releases were listed and users are urged to apply patches.
-
Qilin ransomware deployed Linux payload on Windows using BYOVD and legitimate IT tools, researchers say
Researchers report that the Qilin ransomware group has been highly active through 2025, using leaked credentials, credential-harvesting tools and legitimate remote-management software to deploy a Linux ransomware binary on Windows systems while employing BYOVD and targeting backup infrastructure.
-
Researchers disclose two CVSS 10.0 flaws in Red Lion Sixnet RTUs
Security researchers have disclosed two CVSS 10.0 vulnerabilities (CVE-2023-40151 and CVE-2023-42770) in Red Lion Sixnet RTUs that can allow unauthenticated attackers to execute commands as root; vendors and agencies advise patching, enabling authentication and blocking TCP access.
