Cyber Threat Digest – 2025-09-23
🔥 Known Exploited Vulnerabilities (CISA KEV)
8 exploited vulns of note.
- CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11) — Details
- CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details
- CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details
- CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details
- CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details
- CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details
- CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02) — Details
- CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Meta Platforms WhatsApp (Added: 2025-09-02) — Details
⚠️ Recent CVEs (NVD)
Latest CVEs with CVSS badges.
- CVE-2025-10800 — A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argume… MEDIUM 6.9 — Details
- CVE-2025-10801 — A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/edit_tax.php. The manipulatio… MEDIUM 6.9 — Details
- CVE-2025-51006 — Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is t… HIGH 7.8 — Details
- CVE-2025-56074 — A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote… CRITICAL 9.8 — Details
- CVE-2025-56075 — A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote at… MEDIUM 5.4 — Details
- CVE-2025-10802 — A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes… MEDIUM 6.9 — Details
📰 Security News
Top headlines from trusted sources.
- SolarWinds releases third patch to fix Web Help Desk RCE bug
— Tue, 23 Sep 2025 13:41:54 GMT - SonicWall releases SMA100 firmware update to wipe rootkit malware
— Tue, 23 Sep 2025 13:15:33 GMT - GitHub tightens npm security with mandatory 2FA, access tokens
— Tue, 23 Sep 2025 12:05:37 GMT - NPM package caught using QR Code to fetch cookie-stealing malware
— Tue, 23 Sep 2025 10:42:14 GMT - Airport disruptions in Europe caused by a ransomware attack
— Mon, 22 Sep 2025 21:24:19 GMT - American Archive of Public Broadcasting fixes bug exposing restricted media
— Mon, 22 Sep 2025 20:25:07 GMT
Comments
Post a Comment