Cyber Threat Digest – 2025-09-13

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

  • CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11) — Details
  • CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details
  • CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details
  • CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details
  • CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details
  • CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details
  • CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02) — Details
  • CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Meta Platforms WhatsApp (Added: 2025-09-02) — Details

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

  • CVE-2025-10364 — The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management inte… CRITICAL 9.3Details
  • CVE-2025-10365 — The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management inte… CRITICAL 9.3Details
  • CVE-2025-59058 — httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses … MEDIUM 5.9Details
  • CVE-2025-59139 — Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the `bodyLimit` middleware could allow bypassing the con… MEDIUM 5.3Details
  • CVE-2025-9556 — Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files… CRITICAL 9.8Details
  • CVE-2025-10319 — A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Exp… MEDIUM 5.3Details

📰 Security News

Top headlines from trusted sources.

Comments

Post a Comment

Popular posts from this blog

Cyber Threat Digest – 2025-09-06

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02) — Details CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Met...
Read more

Cyber Threat Digest – 2025-09-05

🔥 Known Exploited Vulnerabilities (CISA KEV) 3 exploited vulns of note in the last 48 hours. CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details ⚠️ Recent CVEs (NVD) Latest CVEs with CVSS badges. CVE-2025-57263 — An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php… HIGH 7.2 — Details CVE-2024-43184 — IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an un… MEDIUM 6.1 — Detai...
Read more

Cyber Threat Digest – 2025-08-28

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-7775 — Citrix NetScaler Memory Overflow Vulnerability — Citrix NetScaler (Added: 2025-08-26) — Details CVE-2025-48384 — Git Link Following Vulnerability — Git Git (Added: 2025-08-25) — Details CVE-2024-8068 — Citrix Session Recording Improper Privilege Management Vulnerability — Citrix Session Recording (Added: 2025-08-25) — Details CVE-2024-8069 — Citrix Session Recording Deserialization of Untrusted Data Vulnerability — Citrix Session Recording (Added: 2025-08-25) — Details CVE-2025-43300 — Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability — Apple iOS, iPadOS, and macOS (Added: 2025-08-21) — Details CVE-2025-54948 — Trend Micro Apex One OS Command Injection Vulnerability — Trend Micro Apex One (Added: 2025-08-18) — Details CVE-2025-8876 — N-able N-Central Command Injection Vulnerability — N-able N-Central (Added: 2025-08-13) — Details CVE-2025-8875 — N-able N-Central Insecure...
Read more