Cyber Threat Digest – 2025-10-03

🔥 Known Exploited Vulnerabilities (CISA KEV)

5 exploited vulns of note in the last 48 hours.

  • CVE-2014-6278 — GNU Bash OS Command Injection Vulnerability — GNU / GNU Bash (Added: 2025-10-02)
  • CVE-2017-1000353 — Jenkins Remote Code Execution Vulnerability — Jenkins / Jenkins (Added: 2025-10-02)
  • CVE-2015-7755 — Juniper ScreenOS Improper Authentication Vulnerability — Juniper / ScreenOS (Added: 2025-10-02)
  • CVE-2025-21043 — Samsung Mobile Devices Out-of-Bounds Write Vulnerability — Samsung / Mobile Devices (Added: 2025-10-02)
  • CVE-2025-4008 — Smartbedded Meteobridge Command Injection Vulnerability — Smartbedded / Meteobridge (Added: 2025-10-02)

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

  • CVE-2023-28760 — TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker ob… — CVSS: HIGH 7.5
  • CVE-2025-53881 — A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root. This issue affects Tumblewe… — CVSS: MEDIUM 6.9
  • CVE-2025-56379 — A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injec…
  • CVE-2025-56380 — Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to th… — CVSS: MEDIUM 6.5
  • CVE-2025-56381 — ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters. — CVSS: MEDIUM 6.5
  • CVE-2025-59735 — Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a PO… — CVSS: CRITICAL 9.3

📰 Security News

Top headlines from trusted sources.
