Tag: critical vulnerability
Cybersecurity Threat Advisory: Active exploitation of LiteLLM vulnerability
Security researchers have confirmed active exploitation of a critical SQL injection vulnerability in the LiteLLM proxy. This is an open‑source AI gateway widely used to centralize and manage API access to large language model (LLM) providers such as OpenAI, Anthropic,...
Cybersecurity Threat Advisory: Critical GitHub vulnerability
Researchers have recently disclosed details of a critical vulnerability affecting GitHub and GitHub Enterprise Server that could allow authenticated users to achieve remote code execution using a single git push command. The flaw has raised concerns about the security of millions...
Cybersecurity Threat Advisory: Critical SolarWinds Serv-U flaw
CVE‑2025‑40538 is a critical broken access control vulnerability in SolarWinds Serv‑U, a self‑hosted managed file transfer (MFT) and FTP/SFTP/FTPS/HTTP(S) server used for secure file exchange. Review the Cybersecurity Threat Advisory now to protect your systems from this critical vulnerability. What...
Cybersecurity Threat Advisory: Path traversal RCE in Gogs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation of a critical vulnerability in the self-hosted Git service Gogs, adding it to the Known Exploited Vulnerabilities (KEV) catalog. Federal Civilian Executive Branch agencies must apply mitigations or discontinue...
Cybersecurity Threat Advisory: ServiceNow AI Platform vulnerability
ServiceNow has revealed details of a critical vulnerability—now patched—in its AI Platform that could allow an unauthenticated attacker to impersonate any user and execute actions with that user’s privileges. Review this Cybersecurity Threat Advisory now to mitigate your risk and...
Cybersecurity Threat Advisory: HPE OneView vulnerability enables RCE
A newly disclosed vulnerability, tracked as CVE‑2025‑37164, affects the Hewlett Packard Enterprise (HPE) OneView product and has been assigned a CVSS score of 10.0. Read this Cybersecurity Threat Advisory for more details and recommended steps to protect your environment. What...
Cybersecurity Threat Advisory: SonicWall SMA 100 appliance vulnerability
A SonicWall SMA 100 vulnerability, tracked as CVE‑2025‑40602, is actively being exploited in the wild. SonicWall has issued patches, and CISA added the flaw to its KEV catalog, requiring federal agencies to patch by Dec. 24, 2025. Read this Cybersecurity...
Cybersecurity Threat Advisory: WinRAR vulnerability exploit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-6218, a path traversal vulnerability in WinRAR for Windows, to its Known Exploited Vulnerabilities (KEV) catalog following confirmed exploitation by multiple advanced persistent threat (APT) groups. Read this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: Critical FortiCloud SSO flaws
Fortinet has disclosed two critical authentication bypass vulnerabilities in its FortiCloud SSO login feature. Both carry a CVSS score of 9.8, signaling near-maximum severity. Read this Cybersecurity Threat Advisory for more details on how to secure your network infrastructure. What...
Cybersecurity Threat Advisory: Critical Microsoft Outlook vulnerability
A newly disclosed Microsoft Outlook vulnerability, tracked as CVE-2025-62562, could allow for remote code execution (RCE). Read this Cybersecurity Threat Advisory to mitigate you and your clients’ risk now. What is the threat? This use-after-free vulnerability introduces a use-after-free flaw...
