Cyber Threat Digest – 2025-09-06
🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
- CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details
- CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details
- CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details
- CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details
- CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details
- CVE-2020-24363 — TP-Link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02) — Details
- CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Meta Platforms WhatsApp (Added: 2025-09-02) — Details
- CVE-2025-57819 — Sangoma FreePBX Authentication Bypass Vulnerability — Sangoma FreePBX (Added: 2025-08-29) — Details
⚠️ Recent CVEs (NVD)
Latest CVEs with CVSS badges.
- CVE-2025-10011 — A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of th… MEDIUM 5.3 — Details
- CVE-2025-58783 — Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.… MEDIUM 4.3 — Details
- CVE-2025-58784 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft ARI Fancy Lightbox allows Stored XSS. This issue affects ARI Fancy Lig… MEDIUM 6.5 — Details
- CVE-2025-58785 — Missing Authorization vulnerability in jbhovik Ray Enterprise Translation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ray Enterprise… MEDIUM 5.4 — Details
- CVE-2025-58786 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VW THEMES Ibtana – Ecommerce Product Addons allows DOM-Based XSS. This issue a… MEDIUM 6.5 — Details
- CVE-2025-58787 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Popup allows Stored XSS. This issue affects Themify Popup: f… MEDIUM 6.5 — Details
📰 Security News
Top headlines from trusted sources.
- Microsoft now enforces MFA on Azure Portal sign-ins for all tenants — Fri, 05 Sep 2025 19:32:05 GMT
- EU fines Google $3.5 billion for anti-competitive ad practices — Fri, 05 Sep 2025 16:36:03 GMT
- Financial services firm Wealthsimple discloses data breach — Fri, 05 Sep 2025 15:36:48 GMT
- Max severity Argo CD API flaw leaks repository credentials — Fri, 05 Sep 2025 15:30:18 GMT
- Microsoft gives US students a free year of Microsoft 365 Personal — Fri, 05 Sep 2025 14:31:03 GMT
- Don't let outdated IGA hold back your security, compliance, and growth — Fri, 05 Sep 2025 14:02:12 GMT