Friday, May 23, 2025

CVE/vulnerability

CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets

On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent advisory regarding active cyber threat activity targeting its Metallic software-as-a-service (SaaS) application, which is hosted...

PoC Code Published for Linux nftables Security Vulnerability

Security researchers have published proof-of-concept (PoC) exploit code for CVE-2024-26809, a high-severity double-free vulnerability in Linux’s nftables firewall subsystem. The flaw allows local attackers to escalate...

Cisco IOS XE Vulnerability Allows Attackers to Gain Elevated Privileges

Cisco has issued an urgent security advisory (ID: cisco-sa-iosxe-privesc-su7scvdp) following the discovery of multiple privilege escalation vulnerabilities in its widely used IOS XE Software. The...

Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots

 Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in its widely used IOS, IOS XE, and IOS XR software. The...

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs), potentially allowing unauthenticated remote attackers to gain full control...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers vulnerable to the recently disclosed Apache Parquet vulnerability, CVE-2025-30065. This...

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling unauthenticated attackers to execute remote commands by exploiting several...

IBM Cognos Analytics Security Vulnerability Allowed Unauthorized File Uploads

 IBM has issued a security bulletin addressing two newly discovered, high-severity vulnerabilities in its Cognos Analytics platform. These flaws, tracked as CVE-2024-40695 (Malicious File Upload) and CVE-2024-51466 (Expression Language...

Critical AWS Amplify Studio Flaw Allowed Attackers to Execute Arbitrary Code

Amazon Web Services (AWS) has addressed a critical security flaw (CVE-2025-4318) in its AWS Amplify Studio platform, which could have allowed authenticated attackers to execute malicious...

Severe Kibana Flaw Allowed Attackers to Run Arbitrary Code

A newly disclosed security vulnerability in Elastic’s Kibana platform has put thousands of businesses at risk, with attackers able to execute arbitrary code on...

Samsung MagicINFO 9 Server Vulnerability Actively Exploited in the Wild

A critical security vulnerability in the Samsung MagicINFO 9 Server has come under active exploit, security researchers from Arctic Wolf have warned. The flaw, tracked...