Main Menu

CVE Vulnerability Alerts

CISA Updates KEV Catalog to Include OpenPLC ScadaBR Vulnerability
CVE Vulnerability Alerts
CISA Updates KEV Catalog to Include OpenPLC ScadaBR Vulnerability
December 1, 2025
CISA updates its Known Exploited Vulnerabilities (KEV) catalog with CVE-2021-26829, a security flaw impacting OpenPLC ScadaBR, used in industrial control systems.
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
CVE Vulnerability Alerts
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
November 24, 2025
SonicWall warns users about a critical buffer overflow vulnerability in SonicOS SSLVPN, urging immediate updates. This could crash Gen7 and Gen8 firewalls, impacting cybersecurity.
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
Application Security
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
November 24, 2025
SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as CVE-2025-40549. These vulnerabilities permitted attackers ...
Grafana Vulnerability Addressing Critical Security Flaw in SCIM Component
CVE Vulnerability Alerts
Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component
November 24, 2025
Grafana has disclosed a critical vulnerability in its SCIM component, rated CVSS 10.0, potentially allowing privilege escalation. Addressing this is crucial for organizations to secure ...
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
CVE Vulnerability Alerts
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
November 23, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog. Known as CVE-2025-61757, this vulnerability ...
7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild
CVE Vulnerability Alerts
7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild
November 21, 2025
A newly disclosed 7-Zip vulnerability, CVE-2025-11001, is being actively exploited, allowing remote code execution through malicious archive files. NHS England warns organizations to urgently update ...
CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited
CVE Vulnerability Alerts
CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited
November 17, 2025
CISA has confirmed active exploitation of CVE-2024-40446, a critical path traversal flaw in Fortinet FortiWeb 8.0.0 that allows unauthenticated attackers to read arbitrary system files. ...
RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki
Application Security
RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki
November 17, 2025
RondoDox botnet operators are exploiting CVE-2025-24893, a critical 9.8-rated eval injection flaw in XWiki that enables unauthenticated remote code execution. Attackers are hijacking unpatched XWiki ...
ASUS Patches Critical Authentication Bypass Vulnerability in DSL Series Routers
CVE Vulnerability Alerts
ASUS Patches Critical Authentication Bypass Vulnerability in DSL Series Routers
November 16, 2025
ASUS released urgent firmware updates to fix a critical authentication bypass flaw in multiple DSL routers, warning users to patch immediately and disable internet-exposed services.
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
CVE Vulnerability Alerts
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
November 12, 2025
Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation. The flaw—used in real-world attacks—poses ...
Load More
Trending
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Route Redirect Automates Large-Scale Microsoft 365 Phishing
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.