Posts

Showing posts from September, 2025

Cyber Threat Digest – 2025-09-07

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

- CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04)
- CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04)
- CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04)
- CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03)
- CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03)
- CVE-2020-24363 — TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02)
- CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Met...

Cyber Threat Digest – 2025-09-06

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

- CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04)
- CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04)
- CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04)
- CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03)
- CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03)
- CVE-2020-24363 — TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02)
- CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Met...

Cyber Threat Digest – 2025-09-05

🔥 Known Exploited Vulnerabilities (CISA KEV)

3 exploited vulns of note in the last 48 hours.

- CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04)
- CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04)
- CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04)

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

- CVE-2025-57263 — An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php… — HIGH 7.2
- CVE-2024-43184 — IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an un… — MEDIUM 6.1 ...

Cyber Threat Digest – 2025-09-04

🔥 Known Exploited Vulnerabilities (CISA KEV)

2 exploited vulns of note in the last 48 hours.

- CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03)
- CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03)

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

- CVE-2024-13068 — Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing. This issue affects LimonDesk: from s1.02.14 before v1.02.17. — HIGH 7.3
- CVE-2025-0878 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft LimonDesk allows Cross-Site Scripting (XSS). This issue affects… — MEDIUM 4.7
- CVE-2025-26210 — A Cross-Site Scripting (XSS) vulnerability in DeepSeek R1 through V3.1 allows a remote attacker to execute arbitrary code via unspecifi...

Cyber Threat Digest – 2025-09-03

🔥 Known Exploited Vulnerabilities (CISA KEV)

2 exploited vulns of note in the last 48 hours.

- CVE-2020-24363 — TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02)
- CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Meta Platforms WhatsApp (Added: 2025-09-02)

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

- CVE-2024-12974 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft ProKuaför allows Cross-Site Scripting (XSS). This issue affects… — MEDIUM 4.3
- CVE-2025-0670 — Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure. This issue affects ProKuafor: from s1.02.07 before v1.02.08. — MEDIUM 4.7
- CVE-2025-2413 — Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authent...

Cyber Threat Digest – 2025-09-02

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

- CVE-2025-57819 — Sangoma FreePBX Authentication Bypass Vulnerability — Sangoma FreePBX (Added: 2025-08-29)
- CVE-2025-7775 — Citrix NetScaler Memory Overflow Vulnerability — Citrix NetScaler (Added: 2025-08-26)
- CVE-2025-48384 — Git Link Following Vulnerability — Git Git (Added: 2025-08-25)
- CVE-2024-8068 — Citrix Session Recording Improper Privilege Management Vulnerability — Citrix Session Recording (Added: 2025-08-25)
- CVE-2024-8069 — Citrix Session Recording Deserialization of Untrusted Data Vulnerability — Citrix Session Recording (Added: 2025-08-25)
- CVE-2025-43300 — Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability — Apple iOS, iPadOS, and macOS (Added: 2025-08-21)
- CVE-2025-54948 — Trend Micro Apex One OS Command Injection Vulnerability — Trend Micro Apex One (Added: 2025-08-18)
- CVE-2025-8876 — N-able N-Central Comma...

Cyber Threat Digest – 2025-09-01

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

- CVE-2025-57819 — Sangoma FreePBX Authentication Bypass Vulnerability — Sangoma FreePBX (Added: 2025-08-29)
- CVE-2025-7775 — Citrix NetScaler Memory Overflow Vulnerability — Citrix NetScaler (Added: 2025-08-26)
- CVE-2025-48384 — Git Link Following Vulnerability — Git Git (Added: 2025-08-25)
- CVE-2024-8068 — Citrix Session Recording Improper Privilege Management Vulnerability — Citrix Session Recording (Added: 2025-08-25)
- CVE-2024-8069 — Citrix Session Recording Deserialization of Untrusted Data Vulnerability — Citrix Session Recording (Added: 2025-08-25)
- CVE-2025-43300 — Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability — Apple iOS, iPadOS, and macOS (Added: 2025-08-21)
- CVE-2025-54948 — Trend Micro Apex One OS Command Injection Vulnerability — Trend Micro Apex One (Added: 2025-08-18)
- CVE-2025-8876 — N-able N-Central Comma...