Tag: remote attackers
-
Bulletins: Vulnerability Summary for the Week of August 25, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-245 Source: Bulletins Title: Vulnerability Summary for the Week of August 25, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000projects–Online Project Report Submission and Evaluation System A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown…
-
The Register: Cisco’s Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole
Source URL: https://www.theregister.com/2025/08/15/cisco_secure_firewall_management_bug/ Source: The Register Title: Cisco’s Secure Firewall Management Center now not-so secure, springs a CVSS 10 RCE hole Feedly Summary: Switchzilla’s summer of perfect 10s Cisco has issued a patch for a maximum-severity bug in its Secure Firewall Management Center (FMC) software that could allow an unauthenticated, remote attacker to inject arbitrary…
-
The Register: Watch out, another max-severity, make-me-root Cisco bug on the loose
Source URL: https://www.theregister.com/2025/07/17/critical_cisco_bug/ Source: The Register Title: Watch out, another max-severity, make-me-root Cisco bug on the loose Feedly Summary: Three perfect 10s in the last month – ISE, ISE, baby Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector…
-
Bulletins: Vulnerability Summary for the Week of June 23, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-181 Source: Bulletins Title: Vulnerability Summary for the Week of June 23, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 70mai–M300 A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet…
-
The Register: Cisco fixes two critical make-me-root bugs on Identity Services Engine components
Source URL: https://www.theregister.com/2025/06/26/patch_up_cisco_fixes_two/ Source: The Register Title: Cisco fixes two critical make-me-root bugs on Identity Services Engine components Feedly Summary: A 10.0 and a 9.8 – these aren’t patches to dwell on Cisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems.… AI…
-
Bulletins: Vulnerability Summary for the Week of June 9, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-167 Source: Bulletins Title: Vulnerability Summary for the Week of June 9, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Acer–ControlCenter Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named…
-
Bulletins: Vulnerability Summary for the Week of May 5, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-132 Source: Bulletins Title: Vulnerability Summary for the Week of May 5, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1clickmigration–1 Click WordPress Migration Plugin 100% FREE for a limited time The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress…
-
Bulletins: Vulnerability Summary for the Week of April 21, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-118 Source: Bulletins Title: Vulnerability Summary for the Week of April 21, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info AdeptLanguage–Adept Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is…
-
The Register: IBM scores perfect 10 … vulnerability in mission-critical OS AIX
Source URL: https://www.theregister.com/2025/03/19/ibm_aix_critical_vulnerabilities/ Source: The Register Title: IBM scores perfect 10 … vulnerability in mission-critical OS AIX Feedly Summary: Big Blue’s workstation workhorse patches hole in network installation manager that could let the bad guys in IBM “strongly recommends" customers running its Advanced Interactive eXecutive (AIX) operating system apply patches after disclosing two critical vulnerabilities,…
-
Alerts: Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066
Source URL: https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066 Source: Alerts Title: Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066 Feedly Summary: A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including,…