ASUS Driver Hub Vulnerabilities Could Let Malicious Websites Gain Admin Privileges

Two critical vulnerabilities, CVE-2025-3462 and CVE-2025-3463, have been discovered in ASUS DriverHub, a utility designed to help users update drivers on ASUS systems. These flaws could be exploited by malicious actors to execute unauthorized commands with elevated privileges. The issues stem from insufficient origin […]

Critical Remote Code Execution Vulnerability in Cisco Webex App

Cisco has disclosed a critical vulnerability tracked as CVE-2025-20236, affecting its popular Webex video conferencing platform. This flaw allows attackers to execute code remotely on a user’s machine. All they need to do is trick someone into clicking a specially crafted meeting link. The vulnerability lies […]

Vulnerabilities in CrushFTP Could Allow Internal Scanning and SMB File Access

CrushFTP versions 9.x, 10.x up to 10.8.4, and 11.x up to 11.3.1 are affected by two critical vulnerabilities: CVE-2025-32102 (Server-Side Request Forgery) and CVE-2025-32103 (Directory Traversal). The SSRF flaw stems from improper validation of telnetSocket requests, allowing arbitrary port scanning. The Directory Traversal issue […]

Critical Remote Vulnerability in Gladinet CentreStack and Triofox Actively Exploited

In March 2025, a critical vulnerability identified as CVE-2025-30406 was discovered in Gladinet CentreStack and Triofox platforms. This flaw, stemming from the use of hardcoded cryptographic keys in the web.config files, allows attackers to perform remote code execution (RCE) by exploiting ASP.NET ViewState deserialization. The […]

Apple Fixes Critical macOS Vulnerability April Security Update

Apple has released an urgent security patch to address a critical vulnerability (CVE-2025-24280) affecting macOS Sequoia and macOS Sonoma. This kernel-level flaw, disclosed on April 3, 2025, impacts systems running macOS Sequoia versions prior to 15.4 and macOS Sonoma versions prior to 14.7.5. The vulnerability allows potentially […]

Fortinet Urges Immediate Action on Critical FortiSwitch Vulnerability

In a recent advisory, Fortinet has sounded the alarm over a critical vulnerability affecting its popular FortiSwitch product line. Tracked as CVE-2024-48887 and rated 9.3 on the CVSS v3 scale, the flaw opens the door for unauthenticated attackers to remotely change the admin password on a FortiSwitch […]

Cisco Patches Two High-Severity Flaws in ECE and Meraki VPN Devices

Cisco has released security updates to fix two newly discovered high-severity vulnerabilities (CVE-2025-20139 and CVE-2025-20212) impacting its Enterprise Chat and Email (ECE) platform and Meraki MX/Z Series VPN devices. Both flaws could be exploited to cause Denial-of-Service (DoS) conditions, potentially leading to service outages […]

Critical Vulnerabilities in Ivanti Products Leave Enterprises Exposed to Remote Attacks

Ivanti has released urgent patches addressing four high-severity vulnerabilities (CVE-2025-22457, CVE-2025-22467, CVE-2024-38657, and CVE-2024-10644) affecting its widely used Connect Secure (ICS), Policy Secure (IPS), and Secure Access Client (ISAC) products. These flaws open the door to remote code execution, unauthorized file manipulation, and command injection, […]

Apache Traffic Server Flaw Enables HTTP Request Smuggling Attacks

A critical vulnerability in Apache Traffic Server (ATS) allows attackers to exploit the server’s handling of chunked messages to execute HTTP request smuggling attacks. Identified as CVE-2024-53868, this flaw can result in serious security threats, including firewall bypass, cache poisoning and session hijacking. The vulnerability affects […]

High-Severity Vulnerability in VMware Tools Allows Privilege Escalation

A newly discovered high-severity vulnerability (CVE-2025-22230) in VMware Tools for Windows could allow attackers with limited access inside a virtual machine (VM) to escalate their privileges and execute high-privilege operations. Affecting VMware Tools versions 11.x.x and 12.x.x, this flaw has been assigned a CVSSv3 score of 7.8, […]