Cyber Threat Digest – 2025-10-20

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

  • CVE-2025-54253 — Adobe Experience Manager Forms Code Execution Vulnerability — Adobe Experience Manager (AEM) Forms (Added: 2025-10-15)
  • CVE-2025-47827 — IGEL OS Use of a Key Past its Expiration Date Vulnerability — IGEL IGEL OS (Added: 2025-10-14)
  • CVE-2025-24990 — Microsoft Windows Untrusted Pointer Dereference Vulnerability — Microsoft Windows (Added: 2025-10-14)
  • CVE-2025-59230 — Microsoft Windows Improper Access Control Vulnerability — Microsoft Windows (Added: 2025-10-14)
  • CVE-2025-6264 — Rapid7 Velociraptor Incorrect Default Permissions Vulnerability — Rapid7 Velociraptor (Added: 2025-10-14)
  • CVE-2016-7836 — SKYSEA Client View Improper Authentication Vulnerability — SKYSEA Client View (Added: 2025-10-14)
  • CVE-2021-43798 — Grafana Path Traversal Vulnerability — Grafana Labs Grafana (Added: 2025-10-09)
  • CVE-2025-27915 — Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability — Synacor Zimbra Collaboration Suite (ZCS) (Added: 2025-10-07)

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

  • CVE-2025-11941 — A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler… (MEDIUM 5.3)
  • CVE-2025-11942 — A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possi… (MEDIUM 6.9)
  • CVE-2025-11943 — A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to … (MEDIUM 6.9)
  • CVE-2025-11944 — A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This … (MEDIUM 5.1)
  • CVE-2025-11945 — A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads t… (MEDIUM 5.1)
  • CVE-2025-11946 — A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact P… (MEDIUM 5.1)

📰 Security News

Top headlines from trusted sources.
