Posts

Cyber Threat Digest – 2025-11-06

🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
CVE-2025-48703 — CWP Control Web Panel OS Command Injection Vulnerability — CWP Control Web Panel (Added: 2025-11-04) — Details
CVE-2025-11371 — Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability — Gladinet CentreStack and Triofox (Added: 2025-11-04) — Details
CVE-2025-41244 — Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability — Broadcom VMware Aria Operations and VMware Tools (Added: 2025-10-30) — Details
CVE-2025-24893 — XWiki Platform Eval Injection Vulnerability — XWiki Platform (Added: 2025-10-30) — Details
CVE-2025-6204 — Dassault Systèmes DELMIA Apriso Code Injection Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details
CVE-2025-6205 — Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details
CVE-2025-5...

Cyber Threat Digest – 2025-11-05

🔥 Known Exploited Vulnerabilities (CISA KEV)
2 exploited vulns of note in the last 48 hours.
CVE-2025-48703 — CWP Control Web Panel OS Command Injection Vulnerability — CWP Control Web Panel (Added: 2025-11-04) — Details
CVE-2025-11371 — Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability — Gladinet CentreStack and Triofox (Added: 2025-11-04) — Details

⚠️ Recent CVEs (NVD)
Latest CVEs with CVSS badges.
CVE-2025-12184 — The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitizati… MEDIUM 4.4 — Details
CVE-2025-63294 — WorkDo HRM SaaS HR and Payroll Tool 8.1 is vulnerable to Insecure Permissions. An authenticated user can create leave or resignation records on behalf of other users. MEDIUM 6.5 — Details
CVE-2025-54323 — An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850...

Cyber Threat Digest – 2025-11-04

🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
CVE-2025-41244 — Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability — Broadcom VMware Aria Operations and VMware Tools (Added: 2025-10-30) — Details
CVE-2025-24893 — XWiki Platform Eval Injection Vulnerability — XWiki Platform (Added: 2025-10-30) — Details
CVE-2025-6204 — Dassault Systèmes DELMIA Apriso Code Injection Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details
CVE-2025-6205 — Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details
CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability — Adobe Commerce and Magento (Added: 2025-10-24) — Details
CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability — Microsoft Windows (Added: 2025-10-24) — Details
CVE-2025-61932...

Cyber Threat Digest – 2025-11-03

🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
CVE-2025-41244 — Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability — Broadcom VMware Aria Operations and VMware Tools (Added: 2025-10-30) — Details
CVE-2025-24893 — XWiki Platform Eval Injection Vulnerability — XWiki Platform (Added: 2025-10-30) — Details
CVE-2025-6204 — Dassault Systèmes DELMIA Apriso Code Injection Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details
CVE-2025-6205 — Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details
CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability — Adobe Commerce and Magento (Added: 2025-10-24) — Details
CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability — Microsoft Windows (Added: 2025-10-24) — Details
CVE-2025-61932...

Cyber Threat Digest – 2025-11-02

🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
CVE-2025-41244 — Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability — Broadcom VMware Aria Operations and VMware Tools (Added: 2025-10-30) — Details
CVE-2025-24893 — XWiki Platform Eval Injection Vulnerability — XWiki Platform (Added: 2025-10-30) — Details
CVE-2025-6204 — Dassault Systèmes DELMIA Apriso Code Injection Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details
CVE-2025-6205 — Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details
CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability — Adobe Commerce and Magento (Added: 2025-10-24) — Details
CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability — Microsoft Windows (Added: 2025-10-24) — Details
CVE-2025-61932...

Cyber Threat Digest – 2025-11-01

🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
CVE-2025-41244 — Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability — Broadcom VMware Aria Operations and VMware Tools (Added: 2025-10-30) — Details
CVE-2025-24893 — XWiki Platform Eval Injection Vulnerability — XWiki Platform (Added: 2025-10-30) — Details
CVE-2025-6204 — Dassault Systèmes DELMIA Apriso Code Injection Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details
CVE-2025-6205 — Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details
CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability — Adobe Commerce and Magento (Added: 2025-10-24) — Details
CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability — Microsoft Windows (Added: 2025-10-24) — Details
CVE-2025-61932...

Cyber Threat Digest – 2025-10-31

🔥 Known Exploited Vulnerabilities (CISA KEV)
2 exploited vulns of note in the last 48 hours.
CVE-2025-41244 — Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability — Broadcom VMware Aria Operations and VMware Tools (Added: 2025-10-30) — Details
CVE-2025-24893 — XWiki Platform Eval Injection Vulnerability — XWiki Platform (Added: 2025-10-30) — Details

⚠️ Recent CVEs (NVD)
Latest CVEs with CVSS badges.
CVE-2025-43939 — Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attac… HIGH 7.8 — Details
CVE-2025-43940 — Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attac… HIGH 7.8 — Details
CVE-2025-43941 — Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutraliz...