Vulnerability Report

CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6

• Vulnerability Report

CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6

Do Son September 9, 2025 0

Rockwell Automation has issued a security advisory for a critical vulnerability in its Stratix industrial Ethernet switches,...

Read More Read more about CVE-2025-7350: Critical RCE Flaw in Rockwell Stratix Switches Scores CVSS 9.6

SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

• Vulnerability Report

SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

Do Son September 9, 2025 0

Today, SAP released 21 new Security Notes and 4 updates as part of its monthly Security Patch...

Read More Read more about SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk

• Vulnerability Report

CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk

Do Son September 9, 2025 0

The pREST project has issued a security advisory for CVE-2025-58450, a systemic SQL injection flaw that threatens...

Read More Read more about CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk

Adobe Issues Emergency Patch for SessionReaper (CVE-2025-54236), One of Magento’s Most Critical Flaws

• Vulnerability Report

Adobe Issues Emergency Patch for SessionReaper (CVE-2025-54236), One of Magento’s Most Critical Flaws

Do Son September 9, 2025 0

Adobe has broken from its regular patch schedule to release an emergency fix for CVE-2025-54236, a vulnerability...

Read More Read more about Adobe Issues Emergency Patch for SessionReaper (CVE-2025-54236), One of Magento’s Most Critical Flaws

CVE-2025-41243 (CVSS 10): Critical Spring Cloud Gateway Server WebFlux Flaw Exposes Property Modification Risk

• Vulnerability Report

CVE-2025-41243 (CVSS 10): Critical Spring Cloud Gateway Server WebFlux Flaw Exposes Property Modification Risk

Do Son September 9, 2025 0

Spring has disclosed a critical vulnerability in Spring Cloud Gateway Server WebFlux that allows attackers to modify...

Read More Read more about CVE-2025-41243 (CVSS 10): Critical Spring Cloud Gateway Server WebFlux Flaw Exposes Property Modification Risk

CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available

• Vulnerability Report

CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available

Do Son September 8, 2025 0

Security researcher Lumina Mescuwa has disclosed a critical vulnerability in ImageMagick, tracked as CVE-2025-57807 (CVSS 9.8). The...

Read More Read more about CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available

CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE

• Vulnerability Report

CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE

Do Son September 8, 2025 0

The Apache Software Foundation has disclosed a new vulnerability in Apache Jackrabbit Core and JCR Commons, tracked...

Read More Read more about CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE

Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388)

• Vulnerability Report

Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388)

Do Son September 8, 2025 0

Progress Software has released patches for a high-severity vulnerability in the OpenEdge AdminServer component, tracked as CVE-2025-7388...

Read More Read more about Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388)

Podman Patches Symlink Traversal Vulnerability in kube play Command (CVE-2025-9566)

• Vulnerability Report

Podman Patches Symlink Traversal Vulnerability in kube play Command (CVE-2025-9566)

Do Son September 8, 2025 0

The Podman project has issued a security advisory warning of a high-severity vulnerability in the container management...

Read More Read more about Podman Patches Symlink Traversal Vulnerability in kube play Command (CVE-2025-9566)

CVE-2025-57052: Critical JSON Parsing Flaw in cJSON With CVSS 9.8, PoC Available

• Vulnerability Report

CVE-2025-57052: Critical JSON Parsing Flaw in cJSON With CVSS 9.8, PoC Available

Do Son September 8, 2025 0

Security researcher Salah Chafai, an Exploit Development & Security specialist, has disclosed a critical flaw in the...

Read More Read more about CVE-2025-57052: Critical JSON Parsing Flaw in cJSON With CVSS 9.8, PoC Available

CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF

• Vulnerability Report

CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF

Do Son September 7, 2025 0

The Astro project has disclosed a high-severity vulnerability in its Cloudflare adapter, tracked as CVE-2025-58179 (CVSS 7.2)....

Read More Read more about CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF

Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk

• Vulnerability Report

Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk

Do Son September 6, 2025 0

The FreePBX project has issued an important security advisory addressing two vulnerabilities that pose significant risks to...

Read More Read more about Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk

Cloudflare 1.1.1.1 Hit by 12 Unauthorized Certificates: Fina CA’s Misissuance Raises Microsoft Trust Concerns

• Vulnerability Report

Cloudflare 1.1.1.1 Hit by 12 Unauthorized Certificates: Fina CA’s Misissuance Raises Microsoft Trust Concerns

Do Son September 5, 2025 0

Yesterday, we reported that security researchers had discovered three unauthorized digital certificates for Cloudflare’s public DNS server...

Read More Read more about Cloudflare 1.1.1.1 Hit by 12 Unauthorized Certificates: Fina CA’s Misissuance Raises Microsoft Trust Concerns

Argo CD Patches Critical CVSS 10 Vulnerability Exposing Repository Credentials (CVE-2025-55190)

• Vulnerability Report

Argo CD Patches Critical CVSS 10 Vulnerability Exposing Repository Credentials (CVE-2025-55190)

Do Son September 5, 2025 0

The Argo CD project has disclosed and patched a critical vulnerability (CVE-2025-55190, CVSS 10) affecting its popular...

Read More Read more about Argo CD Patches Critical CVSS 10 Vulnerability Exposing Repository Credentials (CVE-2025-55190)

CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching

• Vulnerability Report

CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching

Do Son September 5, 2025 0

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities...

Read More Read more about CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching

CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication

• Vulnerability Report

CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication

Do Son September 5, 2025 0

Ruijie Networks has released a security advisory addressing a critical vulnerability in its Reyee RG-ES series switches...

Read More Read more about CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication

CVE-2025-53187: Critical RCE in ABB ASPECT BMS with CVSS 9.8, No Prior Authentication

• Vulnerability Report

CVE-2025-53187: Critical RCE in ABB ASPECT BMS with CVSS 9.8, No Prior Authentication

Do Son September 5, 2025 0

ABB has issued a cybersecurity advisory disclosing multiple vulnerabilities affecting its ASPECT Building Management System (BMS), including...

Read More Read more about CVE-2025-53187: Critical RCE in ABB ASPECT BMS with CVSS 9.8, No Prior Authentication

CVE-2025-5086 (CVSS 9.0): A Critical RCE in DELMIA Apriso with Exploit Attempts Seen in the Wild

• Vulnerability Report

CVE-2025-5086 (CVSS 9.0): A Critical RCE in DELMIA Apriso with Exploit Attempts Seen in the Wild

Do Son September 4, 2025 0

Manufacturing operations are increasingly threatened not just by IoT weaknesses, but also by vulnerabilities in the complex...

Read More Read more about CVE-2025-5086 (CVSS 9.0): A Critical RCE in DELMIA Apriso with Exploit Attempts Seen in the Wild

A Misissued Certificate Found for Cloudflare’s 1.1.1.1 DNS Service

• Vulnerability Report

A Misissued Certificate Found for Cloudflare’s 1.1.1.1 DNS Service

Do Son September 4, 2025 0

Cybersecurity experts have issued warnings regarding three anomalous TLS certificates associated with Cloudflare’s widely used DNS service...

Read More Read more about A Misissued Certificate Found for Cloudflare’s 1.1.1.1 DNS Service

A Critical Flaw Is Exposing the AI Supply Chain to “Model Namespace Reuse” Attacks

• Vulnerability Report

A Critical Flaw Is Exposing the AI Supply Chain to “Model Namespace Reuse” Attacks

Do Son September 4, 2025 0

Researchers from Palo Alto Networks’ Unit 42 have disclosed a critical weakness in the AI supply chain...

Read More Read more about A Critical Flaw Is Exposing the AI Supply Chain to “Model Namespace Reuse” Attacks