Vulnerability

SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

• Vulnerability Report

SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

Do Son September 9, 2025 0

Today, SAP released 21 new Security Notes and 4 updates as part of its monthly Security Patch...

Read More Read more about SAP Security Patch Day Fixes Four Critical Flaws, Including a CVSS 10.0 RCE (CVE-2025-42944)

CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk

• Vulnerability Report

CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk

Do Son September 9, 2025 0

The pREST project has issued a security advisory for CVE-2025-58450, a systemic SQL injection flaw that threatens...

Read More Read more about CVE-2025-58450: Critical SQL Injection Flaw in pREST Puts PostgreSQL Databases at Risk

Adobe Issues Emergency Patch for SessionReaper (CVE-2025-54236), One of Magento’s Most Critical Flaws

• Vulnerability Report

Adobe Issues Emergency Patch for SessionReaper (CVE-2025-54236), One of Magento’s Most Critical Flaws

Do Son September 9, 2025 0

Adobe has broken from its regular patch schedule to release an emergency fix for CVE-2025-54236, a vulnerability...

Read More Read more about Adobe Issues Emergency Patch for SessionReaper (CVE-2025-54236), One of Magento’s Most Critical Flaws

CVE-2025-41243 (CVSS 10): Critical Spring Cloud Gateway Server WebFlux Flaw Exposes Property Modification Risk

• Vulnerability Report

CVE-2025-41243 (CVSS 10): Critical Spring Cloud Gateway Server WebFlux Flaw Exposes Property Modification Risk

Do Son September 9, 2025 0

Spring has disclosed a critical vulnerability in Spring Cloud Gateway Server WebFlux that allows attackers to modify...

Read More Read more about CVE-2025-41243 (CVSS 10): Critical Spring Cloud Gateway Server WebFlux Flaw Exposes Property Modification Risk

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks

• Vulnerability

PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks

Do Son September 8, 2025 0

The developers of pgAdmin, the most widely used open-source administration and development platform for PostgreSQL, have patched...

Read More Read more about PgAdmin Flaw Exposes Accounts to OAuth Hijacking Attacks

CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available

• Vulnerability Report

CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available

Do Son September 8, 2025 0

Security researcher Lumina Mescuwa has disclosed a critical vulnerability in ImageMagick, tracked as CVE-2025-57807 (CVSS 9.8). The...

Read More Read more about CVE-2025-57807: A Critical Flaw in ImageMagick Could Lead to RCE, PoC Available

CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE

• Vulnerability Report

CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE

Do Son September 8, 2025 0

The Apache Software Foundation has disclosed a new vulnerability in Apache Jackrabbit Core and JCR Commons, tracked...

Read More Read more about CVE-2025-58782: Apache Jackrabbit Vulnerability Exposes Systems to JNDI Injection and RCE

Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388)

• Vulnerability Report

Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388)

Do Son September 8, 2025 0

Progress Software has released patches for a high-severity vulnerability in the OpenEdge AdminServer component, tracked as CVE-2025-7388...

Read More Read more about Progress Patches Remote Command Execution Flaw in OpenEdge AdminServer (CVE-2025-7388)

Podman Patches Symlink Traversal Vulnerability in kube play Command (CVE-2025-9566)

• Vulnerability Report

Podman Patches Symlink Traversal Vulnerability in kube play Command (CVE-2025-9566)

Do Son September 8, 2025 0

The Podman project has issued a security advisory warning of a high-severity vulnerability in the container management...

Read More Read more about Podman Patches Symlink Traversal Vulnerability in kube play Command (CVE-2025-9566)

CVE-2025-57052: Critical JSON Parsing Flaw in cJSON With CVSS 9.8, PoC Available

• Vulnerability Report

CVE-2025-57052: Critical JSON Parsing Flaw in cJSON With CVSS 9.8, PoC Available

Do Son September 8, 2025 0

Security researcher Salah Chafai, an Exploit Development & Security specialist, has disclosed a critical flaw in the...

Read More Read more about CVE-2025-57052: Critical JSON Parsing Flaw in cJSON With CVSS 9.8, PoC Available

CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF

• Vulnerability Report

CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF

Do Son September 7, 2025 0

The Astro project has disclosed a high-severity vulnerability in its Cloudflare adapter, tracked as CVE-2025-58179 (CVSS 7.2)....

Read More Read more about CVE-2025-58179: Astro Cloudflare Adapter Vulnerability Enables SSRF

Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk

• Vulnerability Report

Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk

Do Son September 6, 2025 0

The FreePBX project has issued an important security advisory addressing two vulnerabilities that pose significant risks to...

Read More Read more about Two New High-Severity Flaws in FreePBX Puts Admins and APIs at Risk

CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching

• Vulnerability Report

CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching

Do Son September 5, 2025 0

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities...

Read More Read more about CISA Adds Three New Vulnerabilities to Catalog, Urges Immediate Patching

CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication

• Vulnerability Report

CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication

Do Son September 5, 2025 0

Ruijie Networks has released a security advisory addressing a critical vulnerability in its Reyee RG-ES series switches...

Read More Read more about CVE-2025-56752: Remote Attackers Can Gain Full Administrative Access to Affected Ruijie Networks Devices Without Authentication

A Massive Coordinated Attack Is Probing Cisco ASA Devices

• Cybercriminals

A Massive Coordinated Attack Is Probing Cisco ASA Devices

Do Son September 5, 2025 0

The GreyNoise Intelligence team has observed two unusually large waves of scanning activity targeting Cisco Adaptive Security...

Read More Read more about A Massive Coordinated Attack Is Probing Cisco ASA Devices

CVE-2025-53187: Critical RCE in ABB ASPECT BMS with CVSS 9.8, No Prior Authentication

• Vulnerability Report

CVE-2025-53187: Critical RCE in ABB ASPECT BMS with CVSS 9.8, No Prior Authentication

Do Son September 5, 2025 0

ABB has issued a cybersecurity advisory disclosing multiple vulnerabilities affecting its ASPECT Building Management System (BMS), including...

Read More Read more about CVE-2025-53187: Critical RCE in ABB ASPECT BMS with CVSS 9.8, No Prior Authentication

CVSS 10.0 RCE in Popular Python Library (36M+ Monthly Downloads), PoC Available

• Vulnerability

CVSS 10.0 RCE in Popular Python Library (36M+ Monthly Downloads), PoC Available

Do Son September 4, 2025 0

The widely used Python library DeepDiff, downloaded over 36 million times per month, has been found vulnerable...

Read More Read more about CVSS 10.0 RCE in Popular Python Library (36M+ Monthly Downloads), PoC Available

GNU Guix Issues Advisory for a Critical Privilege Escalation Flaw

• Vulnerability

GNU Guix Issues Advisory for a Critical Privilege Escalation Flaw

Do Son September 4, 2025 0

The GNU Guix team has issued a critical security advisory warning users to immediately update their systems...

Read More Read more about GNU Guix Issues Advisory for a Critical Privilege Escalation Flaw

A Critical Flaw Is Exposing the AI Supply Chain to “Model Namespace Reuse” Attacks

• Vulnerability Report

A Critical Flaw Is Exposing the AI Supply Chain to “Model Namespace Reuse” Attacks

Do Son September 4, 2025 0

Researchers from Palo Alto Networks’ Unit 42 have disclosed a critical weakness in the AI supply chain...

Read More Read more about A Critical Flaw Is Exposing the AI Supply Chain to “Model Namespace Reuse” Attacks

CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk

• Vulnerability Report

CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk

Do Son September 4, 2025 0

The Django Software Foundation has released important security updates for multiple supported versions of the popular Python...

Read More Read more about CVE-2025-57833: A New SQL Injection Flaw Puts Django Web Applications at Risk