South African Airways (SAA), the country’s flag carrier, has confirmed that it suffered a significant cyber incident on Saturday, May…
Security
61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This…
Sudo-rs make me a sandwich, hold the buffer overflows
Canonical’s Ubuntu 25.10 is set to make sudo-rs, a Rust-based rework of the classic sudo utility, the default – part of a push to cut memory-related security bugs and lock down core system components. …
Published Date:
May 08, 2025 (5 hours, 42 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2021-3156
Multiple SonicWall SMA 100 Vulnerabilities Let Attackers Compromise Systems
SonicWall has disclosed multiple high-severity vulnerabilities affecting its Secure Mobile Access (SMA) 100 series products.
Security researchers from Rapid7 discovered three significant post-authenti …
Published Date:
May 08, 2025 (4 hours, 47 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-32821
CVE-2025-32820
CVE-2025-32819
CVE-2025-27533
Apache ActiveMQ Vulnerability Let Attackers Trigger DoS Condition
A significant vulnerability has been discovered in Apache ActiveMQ, the widely used open-source message broker.
The flaw, officially tracked as CVE-2025-27533, enables remote attackers to trigger a De …
Published Date:
May 08, 2025 (4 hours, 29 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-27533
Akamai reports active exploitation of vulnerabilities in GeoVision IoT devices
Attackers are actively exploiting two vulnerabilities in Internet of Things (IoT) devices from manufacturer Akamai, according to internet company Akamai and the US cyber agency CISA. The devices …
Published Date:
May 08, 2025 (4 hours, 25 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2024-11120
CVE-2024-6047
Detecting Vulnerable Commvault Environments Within Azure Using KQL Query
Cybersecurity analysts are racing to respond to an active exploitation campaign targeting Commvault environments in Microsoft Azure through the recently identified CVE-2025-3928 vulnerability.
This cr …
Published Date:
May 08, 2025 (3 hours, 30 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-3928
Cisco: hardcoded token in wireless controller software gives attacker root privileges
Cisco warns of a critical vulnerability in the IOS XE wireless controller software that allows an unauthenticated remote attacker to execute arbitrary commands as root. The impact of …
Published Date:
May 08, 2025 (3 hours, 22 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-20188
Nmap 7.96 Released With New Scanning Features & Upgraded Libraries
The Nmap Project has officially released version 7.96 of its powerful network scanning tool.
The release introduces a suite of technical enhancements, including dramatically faster DNS resolution, new …
Published Date:
May 08, 2025 (2 hours, 49 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2024-54772
Vulnerabilities in Netis Systems WF2220 software
CVE ID: CVE-2025-3758
Publication date: 08 May 2025
Vendor: Netis Systems
Product: WF2220
Vulnerable versions: 1.2.31706
Vulnerability type (CWE): Missing Authentication for Critical Function (CWE-306)
Repo …
Published Date:
May 08, 2025 (1 hour, 21 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-3759
CVE-2025-3758
CVE ID : CVE-2025-1252
Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago
Description : Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.4 before 6.1.2.23.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1254
Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago
Description : Out-of-bounds Read, Out-of-bounds Write vulnerability in RTI Connext Professional (Core Libraries) allows Overread Buffers, Overflow Buffers. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 6.0.0 before 6.1.2.23.
Severity: 0.0 | NA
CVE ID : CVE-2025-1253
Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago
Description : Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags. This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.5 before 6.1.2.23.
Severity: 0.0 | NA
CVE ID : CVE-2025-40846
Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago
Description : Improper Input Validation: the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites (Open Redirect) and inject JavaScript code to perform a cross-site scripting attack.
The vulnerability affects Halo versions up to 2.174.101 and all versions between 2.175.1 and 2.184.21.
Severity: 0.0 | NA
CVE ID : CVE-2025-3759
Published : May 8, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : The endpoint /cgi-bin-igd/netcore_set.cgi, which is used for changing device configuration, is accessible without authentication. This poses a significant security threat, allowing, for example, administrator account hijacking or AP password changes.
The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
CVE ID : CVE-2025-41450
Published : May 8, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : Improper Authentication vulnerability in Danfoss AKSM8xxA Series. This issue affects Danfoss AK-SM 8xxA Series prior to version 4.2.
Severity: 8.2 | HIGH
CVE ID : CVE-2025-3758
Published : May 8, 2025, 10:15 a.m. | 1 hour, 52 minutes ago
Description : WF2220 exposes the endpoint /cgi-bin-igd/netcore_get.cgi, which returns the device configuration to unauthorized users. The returned configuration includes a cleartext password.
The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
Vulnerability / IT Service
Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated …
Published Date:
May 07, 2025 (20 hours, 8 minutes ago)
Vulnerabilities have been mentioned in this article.
Lockbit Ransomware Hacked – Leaked Database Exposes Internal Chats
The notorious LockBit ransomware operation has suffered a significant breach. Attackers defaced their dark web infrastructure and leaked a comprehensive database containing sensitive operational deta …
Published Date:
May 08, 2025 (4 hours, 42 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2024-4577
Cisco IOS XE Wireless Controllers Vulnerability Enables Full Device Control for Attackers
Cisco has disclosed a critical security vulnerability in its IOS XE Wireless LAN Controllers that could allow unauthorized attackers to gain complete control of affected devices.
The flaw, assigned th …
Published Date:
May 08, 2025 (4 hours, 29 minutes ago)
Vulnerabilities have been mentioned in this article.
CVE-2025-20188