Tag: vulnerability
Cybersecurity Threat Advisory: MongoDB RCE vulnerability
MongoDB has disclosed a high-severity vulnerability, tracked as CVE-2025-14847, that could allow unauthenticated remote code execution (RCE). The flaw stems from the Zlib compression handler and can be exploited with low complexity, posing a serious risk to data confidentiality and...
Cybersecurity Threat Advisory: Critical ArrayOS VPN flaw
Attackers are exploiting a command injection vulnerability in ArrayOS AG VPN devices to plant PHP webshells and create rogue users. CISA has added this vulnerability to the Known Exploited Vulnerabilities (KEV) catalog. Review this Cybersecurity Threat Advisory to discover recommended...
Cybersecurity Threat Advisory: Apache Tika vulnerability
A maximum-severity Extensible Markup Language (XML) External Entity (XXE) injection vulnerability has been disclosed in Apache Tika, tracked as CVE-2025-66516 with a CVSS score of 10.0. Review this Cybersecurity Threat Advisory now to mitigate your risk and potential impact. What...
Cybersecurity Threat Advisory: Oracle Identity Manager vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog. Read this Cybersecurity Threat Advisory to learn about the current risk and apply relevant patches now. What...
Cybersecurity Threat Advisory: Fluent Bit vulnerabilities
Five vulnerabilities have been identified in Fluent Bit. Upon successful exploitation, attackers could bypass authentication, perform path traversal, execute remote code, or cause denial of service. Review this Cybersecurity Threat Advisory now to secure your or your clients’ infrastructure....
Cybersecurity Threat Advisory: Critical Windows Kernel zero-day vulnerability
CVE-2025-62215 is a Windows Kernel flaw that lets attackers escalate to SYSTEM privileges, persist, access data, and move laterally. Attackers are actively exploiting this zero-day in the wild. Review this Cybersecurity Threat Advisory for best practices and recommendations to mitigate...
Cybersecurity Threat Advisory: Critical WatchGuard Fireware vulnerability
CISA has added CVE-2025-9242 to its Known Exploited Vulnerabilities (KEV) catalog following confirmed exploitation in the wild. This critical flaw allows unauthenticated remote code execution (RCE) via malformed IKEv2 VPN packets in WatchGuard Fireware. Continue reading this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: Critical WatchGuard firewall flaw
A critical remote code execution (RCE) vulnerability in WatchGuard Firebox, tracked as CVE-2025-9242 with a CVSS score of 9.3, allows unauthenticated attackers to execute arbitrary code. Review the information in this Cybersecurity Threat Advisory to learn more. What is the threat?...
Cybersecurity Threat Advisory: Critical flaw in DELMIA Apriso MOM software
CISA has added CVE-2025-5086, a critical remote code execution (RCE) vulnerability in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software, to its catalog following confirmed active exploitation. Review the details of this Cybersecurity Threat Advisory to keep your system...
Cybersecurity Threat Advisory: Passwordstate emergency patch released
Click Studios has released an emergency update for Passwordstate 9.9 to address a high-severity security vulnerability. According to the changelog, the flaw could be exploited to bypass authentication. Review the details in this Cybersecurity Threat Advisory to reduce your risk...
