Vulnerability Report

CVE-2025-41702 (CVSS 9.8): Critical Flaw in Welotec egOS Puts Industrial Systems at Risk

• Vulnerability Report

CVE-2025-41702 (CVSS 9.8): Critical Flaw in Welotec egOS Puts Industrial Systems at Risk

Do Son August 27, 2025 0

A critical flaw has been identified in the Welotec egOS WebGUI backend, tracked as CVE-2025-41702, which could...

Read More Read more about CVE-2025-41702 (CVSS 9.8): Critical Flaw in Welotec egOS Puts Industrial Systems at Risk

URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack

• Vulnerability Report

URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack

Do Son August 26, 2025 0

The Cloud Software Group (CSG) has released urgent security updates to address three high-severity vulnerabilities affecting NetScaler...

Read More Read more about URGENT: NetScaler Zero-Day CVE-2025-7775 Under Active Attack

Langflow Hit by Privilege Escalation Flaw: CVE-2025-57760

• Vulnerability Report

Langflow Hit by Privilege Escalation Flaw: CVE-2025-57760

Do Son August 26, 2025 0

The Langflow project has issued an important security advisory regarding a newly discovered vulnerability that poses a...

Read More Read more about Langflow Hit by Privilege Escalation Flaw: CVE-2025-57760

CVE-2025-54370: SSRF Vulnerability Discovered in PhpSpreadsheet Library

• Vulnerability Report

CVE-2025-54370: SSRF Vulnerability Discovered in PhpSpreadsheet Library

Do Son August 26, 2025 0

A newly disclosed security flaw, tracked as CVE-2025-54370, has been identified in PhpSpreadsheet, a PHP-based library that...

Read More Read more about CVE-2025-54370: SSRF Vulnerability Discovered in PhpSpreadsheet Library

Two RCE Vulnerabilities Found in Open-Source BI Tool DataEase

• Vulnerability Report

Two RCE Vulnerabilities Found in Open-Source BI Tool DataEase

Do Son August 26, 2025 0

Security researchers have disclosed two critical vulnerabilities in DataEase, an open-source business intelligence (BI) tool designed for...

Read More Read more about Two RCE Vulnerabilities Found in Open-Source BI Tool DataEase

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog

• Vulnerability Report

CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog

Do Son August 26, 2025 0

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities...

Read More Read more about CISA Adds Citrix and Git Flaws to Known Exploited Vulnerabilities Catalog

TP-Link Issues Urgent Patch for KP303 Smart Plug Vulnerability (CVE-2025-8627)

• Vulnerability Report

TP-Link Issues Urgent Patch for KP303 Smart Plug Vulnerability (CVE-2025-8627)

Do Son August 26, 2025 0

TP-Link has issued a security advisory addressing a high-severity vulnerability (CVE-2025-8627) affecting its KP303 Smart Plug, warning...

Read More Read more about TP-Link Issues Urgent Patch for KP303 Smart Plug Vulnerability (CVE-2025-8627)

Four Critical Flaws in a Privileged Access Manager Exposed by Rapid7

• Vulnerability Report

Four Critical Flaws in a Privileged Access Manager Exposed by Rapid7

Do Son August 26, 2025 0

Security researchers at Rapid7 have uncovered four serious vulnerabilities in Securden Unified Privileged Access Manager (PAM), a...

Read More Read more about Four Critical Flaws in a Privileged Access Manager Exposed by Rapid7

Beyond Convenience: Why a Standalone 2FA App Is Your Best Defense

• Vulnerability Report

Beyond Convenience: Why a Standalone 2FA App Is Your Best Defense

Do Son August 25, 2025 0

Earlier, encrypted email provider ProtonMail introduced a standalone two-factor authentication (2FA) tool. One might wonder why, given...

Read More Read more about Beyond Convenience: Why a Standalone 2FA App Is Your Best Defense

CVE-2025-26496 (CVSS 9.6): Critical Flaw in Tableau Server Expose Enterprises to Code Execution Risks

• Vulnerability Report

CVE-2025-26496 (CVSS 9.6): Critical Flaw in Tableau Server Expose Enterprises to Code Execution Risks

Do Son August 25, 2025 0

Salesforce Security has announced the resolution of multiple vulnerabilities in Tableau Server, identified during a proactive security...

Read More Read more about CVE-2025-26496 (CVSS 9.6): Critical Flaw in Tableau Server Expose Enterprises to Code Execution Risks

IBM Issues Critical Patch for Jazz Team Server Vulnerability (CVE-2025-36157)

• Vulnerability Report

IBM Issues Critical Patch for Jazz Team Server Vulnerability (CVE-2025-36157)

Do Son August 25, 2025 0

IBM has released a security bulletin addressing a severe vulnerability in its Jazz Team Server, a Java-based...

Read More Read more about IBM Issues Critical Patch for Jazz Team Server Vulnerability (CVE-2025-36157)

CVE-2025-34158 (CVSS 10): Plex Media Server Users Warned to Patch Critical Vulnerability Now

• Vulnerability Report

CVE-2025-34158 (CVSS 10): Plex Media Server Users Warned to Patch Critical Vulnerability Now

Do Son August 22, 2025 0

Plex Media Server (PMS) users are being urged to update their systems immediately after the discovery of...

Read More Read more about CVE-2025-34158 (CVSS 10): Plex Media Server Users Warned to Patch Critical Vulnerability Now

CVE-2025-55746: Critical Directus Flaw Exposes Servers to Unauthenticated File Upload and RCE

• Vulnerability Report

CVE-2025-55746: Critical Directus Flaw Exposes Servers to Unauthenticated File Upload and RCE

Do Son August 22, 2025 0

The Directus project has disclosed a critical vulnerability tracked as CVE-2025-55746 (CVSS 9.3) that could allow unauthenticated...

Read More Read more about CVE-2025-55746: Critical Directus Flaw Exposes Servers to Unauthenticated File Upload and RCE

CVE-2024-36401 Exploited in Stealthy Bandwidth-Monetization Campaign

• Cybercriminals
• Vulnerability Report

CVE-2024-36401 Exploited in Stealthy Bandwidth-Monetization Campaign

Do Son August 22, 2025 0

A new report from Palo Alto Networks’ Unit 42 has shed light on an unusual and stealthy...

Read More Read more about CVE-2024-36401 Exploited in Stealthy Bandwidth-Monetization Campaign

CVE-2025-9288: Critical Flaw in Popular JavaScript Library Threatens Global Web Security

• Vulnerability Report

CVE-2025-9288: Critical Flaw in Popular JavaScript Library Threatens Global Web Security

Do Son August 22, 2025 0

A critical security vulnerability has been disclosed in sha.js, a widely used JavaScript library that implements the...

Read More Read more about CVE-2025-9288: Critical Flaw in Popular JavaScript Library Threatens Global Web Security

A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years

• Cyber Security
• Vulnerability Report

A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years

Do Son August 21, 2025 0

Cisco Talos has released a new analysis exposing “Static Tundra,” a Russian state-sponsored threat actor that has...

Read More Read more about A Decade of Espionage: How a Russian APT Exploited Cisco Devices (CVE-2018-0171) for Years

Kudelski Security Exposes Critical CodeRabbit Vulnerability: RCE, Secret Leaks, and Access to 1M Repositories

• Vulnerability Report

Kudelski Security Exposes Critical CodeRabbit Vulnerability: RCE, Secret Leaks, and Access to 1M Repositories

Do Son August 21, 2025 0

Kudelski Security has published a detailed write-up of a critical vulnerability discovered in CodeRabbit, the most installed...

Read More Read more about Kudelski Security Exposes Critical CodeRabbit Vulnerability: RCE, Secret Leaks, and Access to 1M Repositories

CVE-2025-54988: Critical XXE Vulnerability in Apache Tika PDF Parser Exposes Sensitive Data

• Vulnerability Report

CVE-2025-54988: Critical XXE Vulnerability in Apache Tika PDF Parser Exposes Sensitive Data

Do Son August 21, 2025 0

The widely used Apache Tika toolkit, a powerful library for detecting and extracting metadata and text from...

Read More Read more about CVE-2025-54988: Critical XXE Vulnerability in Apache Tika PDF Parser Exposes Sensitive Data

Beyond the Inbox: How a Cyber-Espionage Group Is Exploiting Two WinRAR Vulnerabilities

• Cybercriminals
• Vulnerability Report

Beyond the Inbox: How a Cyber-Espionage Group Is Exploiting Two WinRAR Vulnerabilities

Do Son August 21, 2025 0

BI.ZONE Threat Intelligence uncovered a series of targeted cyber-espionage campaigns conducted by the Paper Werewolf (GOFFEE) cluster,...

Read More Read more about Beyond the Inbox: How a Cyber-Espionage Group Is Exploiting Two WinRAR Vulnerabilities

Apple Issues Urgent Patch for Zero-Day Vulnerability CVE-2025-43300 Exploited in the Wild

• Vulnerability Report

Apple Issues Urgent Patch for Zero-Day Vulnerability CVE-2025-43300 Exploited in the Wild

Do Son August 20, 2025 0

Apple has released urgent security updates to patch a zero-day vulnerability actively exploited in the wild, warning...

Read More Read more about Apple Issues Urgent Patch for Zero-Day Vulnerability CVE-2025-43300 Exploited in the Wild