#WordPress: authentication bypass #vulnerability CVE-2025-3102 in #OttoKit plugin installed on 100,000+ websites is under active exploitation allowing attackers to perform full website takeover:
https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-auth-bypass-hours-after-disclosure/
A critical RCE vulnerability (CVE-2025-27520) has been found in BentoML. Affects versions 1.3.8–1.4.2 - Update to v1.4.3 ASAP.
Read: https://hackread.com/bentoml-vulnerability-remote-code-execution-ai-servers/
Critical authentication flaw reported in Siemens Industrial Edge Devices
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-flaw-reported-in-siemens-industrial-edge-devices-w-a-z-8-b/gD2P6Ple2L
Vulnerability CVE-2025-22457 has received a comment on Vulnerability-Lookup:
PoC for CVE-2025-22457
http://vulnerability.circl.lu/comment/1140d063-7d5a-4971-8e08-9514c03dfef7
You can now share your thoughts on vulnerability CVE-2025-0127 in Vulnerability-Lookup:
https://vulnerability.circl.lu/vuln/CVE-2025-0127
Palo Alto Networks - Cloud NGFW
Day 4 of “CVE/FIRST VulnCon 2025”!
Today’s agenda for all 4 tracks:
https://www.first.org/conference/vulncon2025/program#d20250410
#VulnerabilityManagement #Vulnerability #CVE #FIRST #VulnCon25
Orgs using the SonicWall NetExtender should upgrade to the latest version 10.3.2
There are three vulnerabilities fixed for Improper Privilege Management, Local Privilege Escalation and Improper Link Resolution Before File Access.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0006
@cR0w
Two new blogs:
1. "#Disasters that never happened: 6 preventive actions" https://www.preventionweb.net/drr-community-voices/disasters-never-happened-6-preventive-actions
2. "Mental Health #FirstAid for #Bangladesh"
https://www.psychologytoday.com/us/blog/disaster-by-choice/202504/mental-health-first-aid-in-bangladesh-10-years-of-progress
#DisastersAvoided #DRR #DisastersAreNotNatural #NoNaturalDisasters (so we avoid the phrases #NaturalDisaster #NaturalDisasters) #SendaiFramework #Switch2Sendai #SFDRR #DisasterRisk #DisasterRiskReduction #Health #MentalHealth #MHFA #MentalHealthAwareness #GlobalHealth #PublicHealth #vulnerability #resilience
1,379 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of March 31, 2025
https://www.cisa.gov/news-events/bulletins/sb25-097
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
Thank you to everyone who attended Day 3 of “CVE/FIRST VulnCon 2025”!
Today’s agenda for all 3 tracks: https://first.org/conference/vulncon2025/program#d20250409
#VulnerabilityManagement #Vulnerability #CVE #FIRST #VulnCon25
WhatsApp for Windows Spoofing Flaw Opens Door to Remote Malware Attacks
#WhatsApp #CyberSecurity #WindowsSecurity #CVE202530401 #Infosec #DataProtection #Meta #Vulnerability #RemoteCodeExecution
If you use WhatsApp for Windows, update to the latest version now. In the meantime, avoid opening any files sent to you.
Read: https://hackread.com/whatsapp-windows-flaw-hackers-sneak-malicious-files/
Sandisk is now a CVE Numbering Authority (CNA) assigning CVE IDs for Sandisk products only
https://www.cve.org/Media/News/item/news/2025/04/08/Sandisk-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement
TP-Link is now a CVE Numbering Authority (CNA) assigning CVE IDs for TP-Link issues only
https://www.cve.org/Media/News/item/news/2025/04/08/TPLink-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement
The Qt Company is now a CVE Numbering Authority (CNA) assigning CVE IDs for all supported The Qt Company products
https://www.cve.org/Media/News/item/news/2025/04/08/The-Qt-Company-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement
A big thank you to everyone who responded to our “CVE Data Usage and Satisfaction Survey” that opened on March 4 & closed on April 4, 2025
Your feedback will play a crucial role in enhancing the CVE Program & its service offerings
Day 2 of “CVE/FIRST VulnCon 2025”!
Today’s agenda for all 7 tracks: https://first.org/conference/vulncon2025/program#d20250408
WhatsApp Vulnerability Could Facilitate Remote Code Execution https://www.securityweek.com/whatsapp-vulnerability-could-facilitate-remote-code-execution/ #Vulnerabilities #vulnerability #WhatsApp #Meta #MIME