Security

Sudo-rs make me a sandwich, hold the buffer overflows

Canonical’s Ubuntu 25.10 is set to make sudo-rs, a Rust-based rework of the classic sudo utility, the default – part of a push to cut memory-related security bugs and lock down core system components. …

Published Date:
May 08, 2025 (5 hours, 42 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2021-3156

Multiple SonicWall SMA 100 Vulnerabilities Let Attackers Compromise Systems

SonicWall has disclosed multiple high-severity vulnerabilities affecting its Secure Mobile Access (SMA) 100 series products.
Security researchers from Rapid7 discovered three significant post-authenti …

Published Date:
May 08, 2025 (4 hours, 47 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-32821

CVE-2025-32820

CVE-2025-32819

CVE-2025-27533

Apache ActiveMQ Vulnerability Let Attackers Trigger DoS Condition

A significant vulnerability has been discovered in Apache ActiveMQ, the widely used open-source message broker.
The flaw, officially tracked as CVE-2025-27533, enables remote attackers to trigger a De …

Published Date:
May 08, 2025 (4 hours, 29 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-27533

Akamai reports active exploitation of vulnerabilities in GeoVision IoT devices

Attackers are actively exploiting two vulnerabilities in Internet of Things (IoT) devices from manufacturer Akamai, according to internet company Akamai and the US cyber agency CISA. The devices …

Published Date:
May 08, 2025 (4 hours, 25 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-11120

CVE-2024-6047

Detecting Vulnerable Commvault Environments Within Azure Using KQL Query

Cybersecurity analysts are racing to respond to an active exploitation campaign targeting Commvault environments in Microsoft Azure through the recently identified CVE-2025-3928 vulnerability.
This cr …

Published Date:
May 08, 2025 (3 hours, 30 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-3928

Cisco: hardcoded token in wireless controller software gives attacker root privileges

Cisco warns of a critical vulnerability in the IOS XE wireless controller software that allows an unauthenticated remote attacker to execute arbitrary commands as root. The impact of …

Published Date:
May 08, 2025 (3 hours, 22 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-20188

Nmap 7.96 Released With New Scanning Features & Upgraded Libraries

The Nmap Project has officially released version 7.96 of its powerful network scanning tool.
The release introduces a suite of technical enhancements, including dramatically faster DNS resolution, new …

Published Date:
May 08, 2025 (2 hours, 49 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-54772

Vulnerabilities in Netis Systems WF2220 software

CVE ID : CVE-2025-3758
Publication date : 08 May 2025
Vendor : Netis Systems
Product : WF2220
Vulnerable versions : 1.2.31706
Vulnerability type (CWE) : Missing Authentication for Critical Function (CWE-306)
Repo …

Published Date:
May 08, 2025 (1 hour, 21 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-3759

CVE-2025-3758

CVE ID : CVE-2025-1252

Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.4 before 6.1.2.23.

Severity: 0.0 | NA


CVE ID : CVE-2025-1254

Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers, Overflow Buffers. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.0.0 before 6.1.2.23.

Severity: 0.0 | NA


CVE ID : CVE-2025-1253

Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.5 before 6.1.2.23.

Severity: 0.0 | NA


CVE ID : CVE-2025-40846

Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Improper Input Validation: the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform cross-site scripting attacks.

The vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21.

Severity: 0.0 | NA


CVE ID : CVE-2025-3759

Published : May 8, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : The endpoint /cgi-bin-igd/netcore_set.cgi, which is used for changing device configuration, is accessible without authentication. This poses a significant security threat, allowing for example administrator account hijacking or AP password changes.
The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 0.0 | NA


CVE ID : CVE-2025-41450

Published : May 8, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : Improper Authentication vulnerability in Danfoss AKSM8xxA Series. This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2.

Severity: 8.2 | HIGH


CVE ID : CVE-2025-3758

Published : May 8, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : WF2220 exposes the endpoint /cgi-bin-igd/netcore_get.cgi, which returns the configuration of the device to unauthorized users. The returned configuration includes the cleartext password.
The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 0.0 | NA


SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version

Vulnerability / IT Service
Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated …

Published Date:
May 07, 2025 (20 hours, 8 minutes ago)

Vulnerabilities have been mentioned in this article.

Lockbit Ransomware Hacked – Leaked Database Exposes Internal Chats

The notorious LockBit ransomware operation has suffered a significant breach. Attackers defaced their dark web infrastructure and leaked a comprehensive database containing sensitive operational deta …

Published Date:
May 08, 2025 (4 hours, 42 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2024-4577

Cisco IOS XE Wireless Controllers Vulnerability Enables Full Device Control for Attackers

Cisco has disclosed a critical security vulnerability in its IOS XE Wireless LAN Controllers that could allow unauthorized attackers to gain complete control of affected devices.
The flaw, assigned th …

Published Date:
May 08, 2025 (4 hours, 29 minutes ago)

Vulnerabilities have been mentioned in this article.

CVE-2025-20188