Cyber Threat Digest – 2025-08-31

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

  • CVE-2025-57819 — Sangoma FreePBX Authentication Bypass Vulnerability — Sangoma FreePBX (Added: 2025-08-29) — Details
  • CVE-2025-7775 — Citrix NetScaler Memory Overflow Vulnerability — Citrix NetScaler (Added: 2025-08-26) — Details
  • CVE-2025-48384 — Git Link Following Vulnerability — Git Git (Added: 2025-08-25) — Details
  • CVE-2024-8068 — Citrix Session Recording Improper Privilege Management Vulnerability — Citrix Session Recording (Added: 2025-08-25) — Details
  • CVE-2024-8069 — Citrix Session Recording Deserialization of Untrusted Data Vulnerability — Citrix Session Recording (Added: 2025-08-25) — Details
  • CVE-2025-43300 — Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability — Apple iOS, iPadOS, and macOS (Added: 2025-08-21) — Details
  • CVE-2025-54948 — Trend Micro Apex One OS Command Injection Vulnerability — Trend Micro Apex One (Added: 2025-08-18) — Details
  • CVE-2025-8876 — N-able N-Central Command Injection Vulnerability — N-able N-Central (Added: 2025-08-13) — Details

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

  • CVE-2005-10004 — Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the gra… HIGH 8.7Details
  • CVE-2008-20001 — activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long s… HIGH 7.5Details
  • CVE-2009-20008 — Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to… HIGH 8.6Details
  • CVE-2009-20009 — Belkin Bulldog Plus version 4.0.2 build 1219 contains a stack-based buffer overflow vulnerability in its web service authentication handler. When a specially crafted HTTP request i… CRITICAL 9.3Details
  • CVE-2009-20010 — Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user inpu… CRITICAL 9.3Details
  • CVE-2009-20011 — ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the… CRITICAL 10.0Details

📰 Security News

Top headlines from trusted sources.

Comments

Post a Comment

Popular posts from this blog

Cyber Threat Digest – 2025-09-14

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11) — Details CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critica...
Read more

Cyber Threat Digest – 2025-09-06

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02) — Details CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Met...
Read more

Cyber Threat Digest – 2025-10-16

🔥 Known Exploited Vulnerabilities (CISA KEV) 1 exploited vulns of note in the last 48 hours. CVE-2025-54253 — Adobe Experience Manager Forms Code Execution Vulnerability — Adobe Experience Manager (AEM) Forms (Added: 2025-10-15) — Details ⚠️ Recent CVEs (NVD) Latest CVEs with CVSS badges. CVE-2025-41430 — When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of T… HIGH 8.7 — Details CVE-2025-46706 — When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software vers… HIGH 8.7 — Details CVE-2025-47148 — When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an a… HIGH 7.1 — Details CVE-2025-47150 — When SNMP is configured on...
Read more