Tag: cvss
-
Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges
Apple has released urgent security patches addressing CVE-2025-31219, a high-severity vulnerability in its XNU kernel that underpins macOS, iOS, iPadOS, tvOS, watchOS, and visionOS. The flaw, which carries a CVSS score of 8.8 (vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), enables local attackers to escalate privileges and potentially execute arbitrary code with kernel-level access. The vulnerability was discovered by Michael…
-
Critical Vulnerabilities Found in Versa Networks SD-WAN/SASE Platform
The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-zerodays-versa-networks/
-
Cisco Unified Intelligence Center Vulnerability Allows Privilege Escalation
Cisco has disclosed two security vulnerabilities in its Unified Intelligence Center that could allow authenticated remote attackers to escalate privileges. The more severe flaw, tracked as CVE-2025-20113, received a CVSS score of 7.1 (High), while the secondary vulnerability, CVE-2025-20114, was rated at 4.3 (Medium). These vulnerabilities affect all configurations of Cisco Unified Intelligence Center, including…
-
Schwachstelle in Fortinet-Produkten betrifft weltweit potenziell bis zu 2.878 Instanzen
Eine Schwachstelle mit einem besonders hohen CVSS-Wert (Common-Vulnerability-Scoring-System) von 9,8 betrifft mehrere Produkte von Fortinet und ermöglicht es nicht-authentifizierten Angreifern, beliebigen Code oder Befehle auszuführen. Dies geschieht, indem Angreifer HTTP-Anfragen mit speziell gestalteten Hash-Cookies senden. Die stapelbasierte Pufferüberlaufschwachstelle betrifft die Produkte , , , und . Der Hersteller veröffentlichte in der vergangenen Woche einen […]…
-
Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform
The unpatched vulnerabilities, with a CVSS score of 8.6 to 10.0, can lead to remote code execution via authentication bypass First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-zerodays-versa-networks/
-
Critical VMware ESXi vCenter Flaw Allows Remote Execution of Arbitrary Commands
VMware by Broadcom has released critical security updates to address multiple severe vulnerabilities affecting its virtualization products, with evidence suggesting active exploitation in the wild. The vulnerabilities, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, affect VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform products. With CVSS scores ranging from 7.1 to 9.3, these flaws…
-
Why CVSS is failing us and what we can do about it
How Adversarial Exposure Validation is changing the way we approach vulnerability management First seen on theregister.com Jump to article: www.theregister.com/2025/05/14/picus_cvss/
-
Severe Adobe Illustrator Flaw Allows Remote Code Execution
Adobe has issued an urgent security update for its widely used graphic design software, Adobe Illustrator, following the discovery of a critical heap-based buffer overflow vulnerability tracked as CVE-2025-30330. This flaw, which allows arbitrary code execution on affected systems, impacts both Windows and macOS versions of Illustrator 2024 and 2025. Rated with a CVSS score…
-
Neue EU-Schwachstellen-Datenbank geht an den Start
Tags: bug, cve, cvss, cybersecurity, cyersecurity, governance, government, infrastructure, mitre, nis-2, risk, sap, software, technology, tool, vulnerabilityDie neue EU-Schwachstellen-Datenbank EUVD soll das CVE-Programm ergänzen.Seit dieser Woche verfügt die Technologiebranche über eine neue Datenbank, um die neuesten Sicherheitslücken in Software zu überprüfen: die European Union Vulnerability Database (EUVD). Das Programm wurde von der Europäischen Agentur für Cybersicherheit (ENISA) zur Umsetzung der EU-Cybersicherheitsrichtlinie NIS2 eingerichtet.Hier stellt sich die Frage: Warum braucht es ein…
-
Microsoft Alerts on AD CS Flaw Enabling Remote DenialService Attacks
Microsoft has issued a security advisory for a newly identified vulnerability in Active Directory Certificate Services (AD CS), tracked as CVE-2025-29968, which could allow authenticated attackers to disrupt critical certificate management operations over a network. Rated Important with a CVSS v3.1 score of 6.5, the flaw stems from improper input validation (CWE-20) and enables denial-of-service…
-
Windows CLFS Zero-Day Vulnerability Actively Exploited in the Wild
Microsoft has disclosed two critical security vulnerabilities in the Windows Common Log File System (CLFS) Driver that are currently being exploited in the wild. Released on May 13, 2025, the vulnerabilities-identified as CVE-2025-32706 and CVE-2025-32701-both allow local privilege escalation and have been classified as >>Important
-
Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server
Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild.Of the 78 flaws resolved by the tech giant, 11 are rated Critical, 66 are rated Important, and one is rated Low in severity.…
-
New Windows RDP Vulnerability Enables Network-Based Attacks
Microsoft has disclosed two critical vulnerabilities in its Windows Remote Desktop services that could allow attackers to execute arbitrary code on vulnerable systems over a network. Designated CVE-2025-29966 and CVE-2025-29967, these heap-based buffer overflow flaws affect the Windows Remote Desktop Protocol (RDP) and Remote Desktop Gateway (RD Gateway) service, respectively. Both vulnerabilities carry a CVSS…
-
Critical 0-Day in Windows DWM Enables Privilege Escalation
Microsoft has disclosed a significant security vulnerability (CVE-2025-30400) affecting the Windows Desktop Window Manager (DWM) that is actively being exploited in the wild. The flaw, rated as >>Important
-
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0.”A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to First…
-
CISA Warns of TeleMessage Vuln Despite Low CVSS Score
Though the app claims to use end-to-end encryption, hackers have reportedly accessed archived data on the app’s servers via a new vulnerability. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cisa-warns-telemessage-vuln-low-cvss-score
-
Commvault fixes critical Command Center issue after flaw finder alert
Pay-to-play security on CVSS 10 issue is now fixed First seen on theregister.com Jump to article: www.theregister.com/2025/05/13/patch_commvault_cvss_10/
-
The Ongoing Risks of Hardcoded JWT Keys
In early May 2025, Cisco released software fixes to address a flaw in its IOS XE Software for Wireless LAN Controllers (WLCs). The vulnerability, tracked as CVE-2025-20188, has a CVSS score of 10.0 and could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system but the real story is that […]…
-
Critical Azure and Power Apps Vulnerabilities Allow Attackers to Exploit RCE
Microsoft has patched four critical security vulnerabilities affecting its Azure cloud services and Power Apps platform that could allow attackers to escalate privileges, perform spoofing attacks, or access sensitive information. Security researchers discovered these high-severity flaws, with one receiving a maximum CVSS score of 10.0, underscoring the potential impact on enterprise environments. The most severe…
-
BSidesLV24 Proving Ground CVSS v4 A Better Version Of An Imperfect Solution
Author/Presenter: Mário Leitão-Teixeira Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-proving-ground-cvss-v4-a-better-version-of-an-imperfect-solution/
-
CVE funding crisis offers chance for vulnerability remediation rethink
Tags: access, ai, awareness, best-practice, cisa, cve, cvss, cybersecurity, data, exploit, Hardware, healthcare, intelligence, iot, kev, least-privilege, metric, mfa, microsoft, network, open-source, penetration-testing, risk, software, threat, tool, training, update, vulnerability, vulnerability-managementAutomatic for the people: AI technologies could act as a temporary bridge for vulnerability triage, but not a replacement for a stable CVE system, according to experts consulted by CSO.”Automation and AI-based tools can also enable real-time discovery of new vulnerabilities without over-relying on standard CVE timelines,” said Haris Pylarinos, founder and chief executive of…
-
CVSS 10.0 Vulnerability Found in Ubiquity UniFi Protect Cameras
Ubiquity has disclosed two security vulnerabilities affecting its widely used video surveillance platform, UniFi Protect. One of the flaws, now assigned the identifier CVE-2025-23123, has been rated as critical with a maximum CVSS score of 10.0. Both issues have been addressed in recent firmware and application updates, and the company is urging users to install…