Cyber Threat Digest – 2025-09-26

🔥 Known Exploited Vulnerabilities (CISA KEV)

2 exploited vulns of note in the last 48 hours.

  • CVE-2025-20362 — Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability — Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense (Added: 2025-09-25) — Details
  • CVE-2025-20333 — Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability — Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense (Added: 2025-09-25) — Details

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

  • CVE-2025-10467 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student A… HIGH 8.9Details
  • CVE-2025-10540 — iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext wit… MEDIUM 6.5Details
  • CVE-2025-10948 — A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation… HIGH 7.4Details
  • CVE-2025-26278 — A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. HIGH 7.5Details
  • CVE-2025-27261 — Ericsson Indoor Connect 8855 contains a SQL injection vulnerability which if exploited can lead to unauthorized disclosure and modification of user and configuration data. HIGH 8.7Details
  • CVE-2025-57317 — apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions t… HIGH 7.5Details

📰 Security News

Top headlines from trusted sources.

Comments

Post a Comment

Popular posts from this blog

Cyber Threat Digest – 2025-09-14

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11) — Details CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critica...
Read more

Cyber Threat Digest – 2025-09-06

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02) — Details CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Met...
Read more

Cyber Threat Digest – 2025-09-05

🔥 Known Exploited Vulnerabilities (CISA KEV) 3 exploited vulns of note in the last 48 hours. CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details ⚠️ Recent CVEs (NVD) Latest CVEs with CVSS badges. CVE-2025-57263 — An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php… HIGH 7.2 — Details CVE-2024-43184 — IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an un… MEDIUM 6.1 — Detai...
Read more