CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

July 6, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of vulnerabilities is as follows –

CVE-2024-54085 (CVSS score: 10.0) – An authentication bypass by spoofing

Source: Read More

Previous ArticleCritical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

Next Article Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Highlights

CVE-2025-5878 – “ESAPI SQL Injection Defense Encoder Encoder.encodeForSQL Improper Neutralization”

June 29, 2025

CVE ID : CVE-2025-5878

Published : June 29, 2025, 12:15 p.m. | 3 hours, 2 minutes ago

Description : A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been disclosed to the public. The project was contacted early about this issue and handled it with an exceptional level of professionalism. Upgrading to version 2.7.0.0 is able to address this issue. Commit ID f75ac2c2647a81d2cfbdc9c899f8719c240ed512 is disabling the feature by default and any attempt to use it will trigger a warning. And commit ID e2322914304d9b1c52523ff24be495b7832f6a56 is updating the misleading Java class documentation to warn about the risks.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

Distribution Release: Rhino Linux 2025.3

Just days after joining Game Pass, the Xbox PC edition of Call of Duty: WW2 is taken offline for “an issue”

Xbox layoffs and game cuts wreak havoc on talented developers and the company’s future portfolio — Weekend discussion 💬

Flaget – new small 5kB CLI argument parser

Flaget – new small 5kB CLI argument parser

The dog days of JavaScript summer

Databricks Lakebase – Database Branching in Action

OpenWISP – modular and programmable network management system

OpenWISP – modular and programmable network management system

xxHash – non-cryptographic hash algorithm

Fixing ‘failed to synchronize all databases’ Pacman Error in Arch Linux

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

MuZero, AlphaZero, and AlphaDev: Optimizing computer systems

Can I play The Elder Scrolls 4: Oblivion Remastered on Steam Deck, ROG Ally, and other gaming handhelds?

Beekeeping – recording damage caused by a brown bear

Salesforce AI Research Introduces New Benchmarks, Guardrails, and Model Architectures to Advance Trustworthy and Capable AI Agents

CVE-2025-5878 – “ESAPI SQL Injection Defense Encoder Encoder.encodeForSQL Improper Neutralization”

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

CRUSH is an astronomical data reduction and imaging tool

CVE-2025-52832 – “WPO-HR NGG Smart Image Search SQL Injection”

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Related Posts