Cyber Threat Digest – 2025-10-24

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

  • CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability — Motex LANSCOPE Endpoint Manager (Added: 2025-10-22)
  • CVE-2022-48503 — Apple Multiple Products Unspecified Vulnerability — Apple Multiple Products (Added: 2025-10-20)
  • CVE-2025-2746 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20)
  • CVE-2025-2747 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20)
  • CVE-2025-33073 — Microsoft Windows SMB Client Improper Access Control Vulnerability — Microsoft Windows (Added: 2025-10-20)
  • CVE-2025-61884 — Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability — Oracle E-Business Suite (Added: 2025-10-20)
  • CVE-2025-54253 — Adobe Experience Manager Forms Code Execution Vulnerability — Adobe Experience Manager (AEM) Forms (Added: 2025-10-15)
  • CVE-2025-47827 — IGEL OS Use of a Key Past its Expiration Date Vulnerability — IGEL IGEL OS (Added: 2025-10-14)

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

  • CVE-2025-11429 — A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me"… (MEDIUM 5.4)
  • CVE-2025-1679 — Cross-site Scripting has been identified in Moxa's Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device's web … (MEDIUM 4.8)
  • CVE-2025-1680 — An acceptance of extraneous untrusted data with trusted data vulnerability has been identified in Moxa's Ethernet switches, which allows attackers with administrative privileges to… (NONE 0.0)
  • CVE-2025-53701 — Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized pr… (MEDIUM 4.8)
  • CVE-2025-53702 — Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action… (HIGH 7.1)
  • CVE-2025-60852 — A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanit… (MEDIUM 6.5)

📰 Security News

Top headlines from trusted sources.
