Xerox patches critical vulnerability in FreeFlow Core application

Threat Score:
68
Cybersecurity Dive
19 hours ago

Overview

Researchers at Horizon3.ai discovered the flaw after flagging unusual behavior in a customer environment....

Related Articles

5 articles
1

Zoom patches critical Windows flaw allowing privilege escalation

Security Affairs 2 hours ago

Zoom fixed a critical Windows client flaw (CVE-2025-49457, CVSS 9.6) involving an untrusted path that could enable privilege escalation. Cloud-based video conferencing and online collaboration platform Zoom addressed a critical security flaw, tracked as CVE-2025-49457 (CVSS score of 9.6) in Zoom Clients for Windows. An unauthenticated user can exploit the vulnerability to conduct an […]

Score
84
Read more
3

Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks

Cybersecurity News 1 hour ago

A critical security vulnerability has been discovered in the popular “Database for Form 7, WPforms, Elementor forms” WordPress plugin, potentially exposing over 70,000 websites to remote code execution attacks.  The vulnerability, tracked as CVE-2025-7384 with a maximum CVSS score of 9.8, affects all versions up to and including 1.4.3 and was publicly disclosed on […]

Score
83
Read more
4
Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public

Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public

GB Hackers 4 hours ago

Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public Security researchers have disclosed critical vulnerabilities in Xerox FreeFlow Core that enable unauthenticated remote attackers to executearbitrary codeon vulnerable systems. The proof-of-concept exploits are now publicly available, raising immediate concerns for organizations using the popular print orchestration platform. Critical Vulnerabilities Discovered Cybersecurity firm Horizon3.aidiscoveredtwo severe vulner

Score
80
Read more
5

Proxyware Campaign Piggybacks on Popular YouTube Video Download Services

GB Hackers 3 hours ago

Proxyware Campaign Piggybacks on Popular YouTube Video Download Services The AhnLab Security Intelligence Center (ASEC) has uncovered fresh instances of proxyware distribution by threat actors leveraging deceptive advertising on freeware sites. Building on prior reports, such as the “DigitalPulse Proxyware Being Distributed Through Ad Pages” analysis, this campaign continues to exploit unwitting users in South Korea, installing unauthorized bandwidth-sharing tools like DigitalPulse and Honeygain

Score
79
Read more