Cyber Threat Digest

🔥 Known Exploited Vulnerabilities (CISA KEV) 2 exploited vulns of note in the last 48 hours. CVE-2025-41244 — Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability — Broadcom VMware Aria Operations and VMware Tools (Added: 2025-10-30) — Details CVE-2025-24893 — XWiki Platform Eval Injection Vulnerability — XWiki Platform (Added: 2025-10-30) — Details ⚠️ Recent CVEs (NVD) Latest CVEs with CVSS badges. CVE-2025-43939 — Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attac… HIGH 7.8 — Details CVE-2025-43940 — Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attac… HIGH 7.8 — Details CVE-2025-43941 — Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutraliz...

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-6204 — Dassault Systèmes DELMIA Apriso Code Injection Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details CVE-2025-6205 — Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability — Adobe Commerce and Magento (Added: 2025-10-24) — Details CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability — Microsoft Windows (Added: 2025-10-24) — Details CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability — Motex LANSCOPE Endpoint Manager (Added: 2025-10-22) — Details CVE-2022-48503 — Apple Multiple Products Unspecified Vulnerability — Apple Multiple Products (Added: 2025-10-20) — Details CVE-2025-274...

🔥 Known Exploited Vulnerabilities (CISA KEV) 2 exploited vulns of note in the last 48 hours. CVE-2025-6204 — Dassault Systèmes DELMIA Apriso Code Injection Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details CVE-2025-6205 — Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-10-28) — Details ⚠️ Recent CVEs (NVD) Latest CVEs with CVSS badges. CVE-2025-12103 — A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any nam… MEDIUM 5.0 — Details CVE-2025-12380 — Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have b… — Details CVE-2025-12390 — A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's sessio...

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability — Adobe Commerce and Magento (Added: 2025-10-24) — Details CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability — Microsoft Windows (Added: 2025-10-24) — Details CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability — Motex LANSCOPE Endpoint Manager (Added: 2025-10-22) — Details CVE-2022-48503 — Apple Multiple Products Unspecified Vulnerability — Apple Multiple Products (Added: 2025-10-20) — Details CVE-2025-2746 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details CVE-2025-2747 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Adde...

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability — Adobe Commerce and Magento (Added: 2025-10-24) — Details CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability — Microsoft Windows (Added: 2025-10-24) — Details CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability — Motex LANSCOPE Endpoint Manager (Added: 2025-10-22) — Details CVE-2022-48503 — Apple Multiple Products Unspecified Vulnerability — Apple Multiple Products (Added: 2025-10-20) — Details CVE-2025-2746 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details CVE-2025-2747 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Adde...

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability — Adobe Commerce and Magento (Added: 2025-10-24) — Details CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability — Microsoft Windows (Added: 2025-10-24) — Details CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability — Motex LANSCOPE Endpoint Manager (Added: 2025-10-22) — Details CVE-2022-48503 — Apple Multiple Products Unspecified Vulnerability — Apple Multiple Products (Added: 2025-10-20) — Details CVE-2025-2746 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details CVE-2025-2747 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Adde...

🔥 Known Exploited Vulnerabilities (CISA KEV) 2 exploited vulns of note in the last 48 hours. CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability — Adobe Commerce and Magento (Added: 2025-10-24) — Details CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability — Microsoft Windows (Added: 2025-10-24) — Details ⚠️ Recent CVEs (NVD) Latest CVEs with CVSS badges. CVE-2021-43768 — In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe. MEDIUM 5.3 — Details CVE-2025-46183 — The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may … HIGH 8.2 — Details CVE-2025-46185 — An Insecure Permission vulnerability in pgcodekeeper 10.12.0 allows a local attacker to obtain sensitive...

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability — Motex LANSCOPE Endpoint Manager (Added: 2025-10-22) — Details CVE-2022-48503 — Apple Multiple Products Unspecified Vulnerability — Apple Multiple Products (Added: 2025-10-20) — Details CVE-2025-2746 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details CVE-2025-2747 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details CVE-2025-33073 — Microsoft Windows SMB Client Improper Access Control Vulnerability — Microsoft Windows (Added: 2025-10-20) — Details CVE-2025-61884 — Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability — Oracle E-Business Suite (Added: 2025-10-20) — Details ...

🔥 Known Exploited Vulnerabilities (CISA KEV) 1 exploited vulns of note in the last 48 hours. CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability — Motex LANSCOPE Endpoint Manager (Added: 2025-10-22) — Details ⚠️ Recent CVEs (NVD) Latest CVEs with CVSS badges. CVE-2022-50556 — In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref due to drmm_mode_config_init() drmm_mode_config_init() will call drm_mode_cr… — Details CVE-2022-50557 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions() The thunderbay_add_functions() w… — Details CVE-2022-50558 — In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode Commit faa87ce9196d ("regmap-ir… — Details CVE-2022-50559 —...

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2022-48503 — Apple Multiple Products Unspecified Vulnerability — Apple Multiple Products (Added: 2025-10-20) — Details CVE-2025-2746 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details CVE-2025-2747 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details CVE-2025-33073 — Microsoft Windows SMB Client Improper Access Control Vulnerability — Microsoft Windows (Added: 2025-10-20) — Details CVE-2025-61884 — Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability — Oracle E-Business Suite (Added: 2025-10-20) — Details CVE-2025-54253 — Adobe Experience Manager Forms Code Execution Vulnerability — Adobe Experience Manager (AEM) Forms (Added: 2025-10-15) — Details CVE-2025-47827 — IGEL OS Use of a Key P...

🔥 Known Exploited Vulnerabilities (CISA KEV) 5 exploited vulns of note in the last 48 hours. CVE-2022-48503 — Apple Multiple Products Unspecified Vulnerability — Apple Multiple Products (Added: 2025-10-20) — Details CVE-2025-2746 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details CVE-2025-2747 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details CVE-2025-33073 — Microsoft Windows SMB Client Improper Access Control Vulnerability — Microsoft Windows (Added: 2025-10-20) — Details CVE-2025-61884 — Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability — Oracle E-Business Suite (Added: 2025-10-20) — Details ⚠️ Recent CVEs (NVD) Latest CVEs with CVSS badges. CVE-2025-11677 — Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets...

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-54253 — Adobe Experience Manager Forms Code Execution Vulnerability — Adobe Experience Manager (AEM) Forms (Added: 2025-10-15) — Details CVE-2025-47827 — IGEL OS Use of a Key Past its Expiration Date Vulnerability — IGEL IGEL OS (Added: 2025-10-14) — Details CVE-2025-24990 — Microsoft Windows Untrusted Pointer Dereference Vulnerability — Microsoft Windows (Added: 2025-10-14) — Details CVE-2025-59230 — Microsoft Windows Improper Access Control Vulnerability — Microsoft Windows (Added: 2025-10-14) — Details CVE-2025-6264 — Rapid7 Velociraptor Incorrect Default Permissions Vulnerability — Rapid7 Velociraptor (Added: 2025-10-14) — Details CVE-2016-7836 — SKYSEA Client View Improper Authentication Vulnerability — SKYSEA Client View (Added: 2025-10-14) — Details CVE-2021-43798 — Grafana Path Traversal Vulnerability — Grafana Labs Grafana (Added: 2025-10-09) — Details CVE-2025-27915 — Synacor Zimb...

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-54253 — Adobe Experience Manager Forms Code Execution Vulnerability — Adobe Experience Manager (AEM) Forms (Added: 2025-10-15) — Details CVE-2025-47827 — IGEL OS Use of a Key Past its Expiration Date Vulnerability — IGEL IGEL OS (Added: 2025-10-14) — Details CVE-2025-24990 — Microsoft Windows Untrusted Pointer Dereference Vulnerability — Microsoft Windows (Added: 2025-10-14) — Details CVE-2025-59230 — Microsoft Windows Improper Access Control Vulnerability — Microsoft Windows (Added: 2025-10-14) — Details CVE-2025-6264 — Rapid7 Velociraptor Incorrect Default Permissions Vulnerability — Rapid7 Velociraptor (Added: 2025-10-14) — Details CVE-2016-7836 — SKYSEA Client View Improper Authentication Vulnerability — SKYSEA Client View (Added: 2025-10-14) — Details CVE-2021-43798 — Grafana Path Traversal Vulnerability — Grafana Labs Grafana (Added: 2025-10-09) — Details CVE-2025-27915 — Synacor Zimb...

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-54253 — Adobe Experience Manager Forms Code Execution Vulnerability — Adobe Experience Manager (AEM) Forms (Added: 2025-10-15) — Details CVE-2025-47827 — IGEL OS Use of a Key Past its Expiration Date Vulnerability — IGEL IGEL OS (Added: 2025-10-14) — Details CVE-2025-24990 — Microsoft Windows Untrusted Pointer Dereference Vulnerability — Microsoft Windows (Added: 2025-10-14) — Details CVE-2025-59230 — Microsoft Windows Improper Access Control Vulnerability — Microsoft Windows (Added: 2025-10-14) — Details CVE-2025-6264 — Rapid7 Velociraptor Incorrect Default Permissions Vulnerability — Rapid7 Velociraptor (Added: 2025-10-14) — Details CVE-2016-7836 — SKYSEA Client View Improper Authentication Vulnerability — SKYSEA Client View (Added: 2025-10-14) — Details CVE-2021-43798 — Grafana Path Traversal Vulnerability — Grafana Labs Grafana (Added: 2025-10-09) — Details CVE-2025-27915 — Synacor Zimb...

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-54253 — Adobe Experience Manager Forms Code Execution Vulnerability — Adobe Experience Manager (AEM) Forms (Added: 2025-10-15) — Details CVE-2025-47827 — IGEL OS Use of a Key Past its Expiration Date Vulnerability — IGEL IGEL OS (Added: 2025-10-14) — Details CVE-2025-24990 — Microsoft Windows Untrusted Pointer Dereference Vulnerability — Microsoft Windows (Added: 2025-10-14) — Details CVE-2025-59230 — Microsoft Windows Improper Access Control Vulnerability — Microsoft Windows (Added: 2025-10-14) — Details CVE-2025-6264 — Rapid7 Velociraptor Incorrect Default Permissions Vulnerability — Rapid7 Velociraptor (Added: 2025-10-14) — Details CVE-2016-7836 — SKYSEA Client View Improper Authentication Vulnerability — SKYSEA Client View (Added: 2025-10-14) — Details CVE-2021-43798 — Grafana Path Traversal Vulnerability — Grafana Labs Grafana (Added: 2025-10-09) — Details CVE-2025-27915 — Synacor Zimb...

🔥 Known Exploited Vulnerabilities (CISA KEV) 1 exploited vulns of note in the last 48 hours. CVE-2025-54253 — Adobe Experience Manager Forms Code Execution Vulnerability — Adobe Experience Manager (AEM) Forms (Added: 2025-10-15) — Details ⚠️ Recent CVEs (NVD) Latest CVEs with CVSS badges. CVE-2025-41430 — When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of T… HIGH 8.7 — Details CVE-2025-46706 — When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software vers… HIGH 8.7 — Details CVE-2025-47148 — When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an a… HIGH 7.1 — Details CVE-2025-47150 — When SNMP is configured on...