Cyber Threat Digest – 2025-10-13

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

  • CVE-2021-43798 — Grafana Path Traversal Vulnerability — Grafana Labs Grafana (Added: 2025-10-09) — Details
  • CVE-2025-27915 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) (Added: 2025-10-07) — Details
  • CVE-2021-22555 — Linux Kernel Heap Out-of-Bounds Write Vulnerability — Linux Kernel (Added: 2025-10-06) — Details
  • CVE-2010-3962 — Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability — Microsoft Internet Explorer (Added: 2025-10-06) — Details
  • CVE-2021-43226 — Microsoft Windows Privilege Escalation Vulnerability — Microsoft Windows (Added: 2025-10-06) — Details
  • CVE-2013-3918 — Microsoft Windows Out-of-Bounds Write Vulnerability — Microsoft Windows (Added: 2025-10-06) — Details
  • CVE-2011-3402 — Microsoft Windows Remote Code Execution Vulnerability — Microsoft Windows (Added: 2025-10-06) — Details
  • CVE-2010-3765 — Mozilla Multiple Products Remote Code Execution Vulnerability — Mozilla Multiple Products (Added: 2025-10-06) — Details

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

  • CVE-2025-11635 — A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource con… MEDIUM 5.3Details
  • CVE-2025-2138 — IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side e… LOW 3.5Details
  • CVE-2025-2139 — IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enfo… LOW 3.5Details
  • CVE-2025-2140 — IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper veri… MEDIUM 5.7Details
  • CVE-2025-33096 — IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using u… MEDIUM 6.5Details
  • CVE-2025-11636 — A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035_FW_036. This issue affects some unknown processing of the component Account Handler. Such manipulation … MEDIUM 6.3Details

📰 Security News

Top headlines from trusted sources.

Comments

Post a Comment

Popular posts from this blog

Cyber Threat Digest – 2025-09-14

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-5086 — Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability — Dassault Systèmes DELMIA Apriso (Added: 2025-09-11) — Details CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critica...
Read more

Cyber Threat Digest – 2025-09-06

🔥 Known Exploited Vulnerabilities (CISA KEV) 8 exploited vulns of note. CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details CVE-2023-50224 — TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability — TP-Link TL-WR841N (Added: 2025-09-03) — Details CVE-2025-9377 — TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability — TP-Link Multiple Routers (Added: 2025-09-03) — Details CVE-2020-24363 — TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability — TP-Link TL-WA855RE (Added: 2025-09-02) — Details CVE-2025-55177 — Meta Platforms WhatsApp Incorrect Authorization Vulnerability — Met...
Read more

Cyber Threat Digest – 2025-09-05

🔥 Known Exploited Vulnerabilities (CISA KEV) 3 exploited vulns of note in the last 48 hours. CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability — Linux Kernel (Added: 2025-09-04) — Details CVE-2025-48543 — Android Runtime Use-After-Free Vulnerability — Android Runtime (Added: 2025-09-04) — Details CVE-2025-53690 — Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability — Sitecore Multiple Products (Added: 2025-09-04) — Details ⚠️ Recent CVEs (NVD) Latest CVEs with CVSS badges. CVE-2025-57263 — An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php… HIGH 7.2 — Details CVE-2024-43184 — IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an un… MEDIUM 6.1 — Detai...
Read more