Topic: historical vulnerabilities

Sort by: Relevance | Date
  • CISA: Hackers Actively Exploiting WatchGuard Firewall Flaw
    November 14, 2025
    79%

    CISA: Hackers Actively Exploiting WatchGuard Firewall Flaw

    A critical security flaw (CVE-2025-9242) in WatchGuard Firebox firewalls is being actively exploited, prompting CISA to issue an urgent patch directive to federal agencies. The vulnerability stems from an out-of-bounds write weakness in Fireware OS, affecting over 54,000 devices globally, with fe...

    Read More »
  • Urgent ASUS Router Security Flaw Exposed
    November 15, 2025
    65%

    Urgent ASUS Router Security Flaw Exposed

    ASUS has released an urgent firmware update (version 1.1.2.3_1010) to fix a critical security flaw (CVE-2025-59367) that allows unauthorized remote access to DSL-AC51, DSL-N16, and DSL-AC750 routers without a password. For users unable to update immediately, ASUS recommends disabling internet-acc...

    Read More »
  • Critical WordPress AI Plugin Vulnerability Impacts 100K+ Sites
    July 31, 2025
    60%

    Critical WordPress AI Plugin Vulnerability Impacts 100K+ Sites

    A critical security flaw in the AI Engine WordPress plugin (scoring 8.8/10) exposes over 100,000 websites, allowing attackers with subscriber accounts to upload harmful files via the REST API. This is the fourth major vulnerability in July 2025, following a trend of similar high-severity flaws, i...

    Read More »
  • Senator Slams Microsoft Over Windows "Kerberoasting" Vulnerability
    September 11, 2025
    58%

    Senator Slams Microsoft Over Windows "Kerberoasting" Vulnerability

    Senator Ron Wyden is urging the FTC to investigate Microsoft for cybersecurity negligence due to its default use of the outdated RC4 encryption cipher, which contributed to a major ransomware attack exposing 5.6 million patient records. Wyden accuses Microsoft of making dangerous software enginee...

    Read More »
  • Critical Fortinet Flaw Actively Exploited by Hackers
    January 17, 2026
    55%

    Critical Fortinet Flaw Actively Exploited by Hackers

    A critical, unauthenticated command injection vulnerability (CVE-2025-64155) in FortiSIEM versions 6.7 to 7.5 allows attackers to gain full system control. Active exploitation of this flaw is confirmed, and immediate patching to specified fixed versions or restricting access to TCP port 7900 is u...

    Read More »
  • Critical FortiSIEM Flaw: Exploit Code Now Public
    January 16, 2026
    55%

    Critical FortiSIEM Flaw: Exploit Code Now Public

    A critical, unauthenticated remote code execution vulnerability (CVE-2025-25256) in Fortinet's FortiSIEM platform allows attackers to gain full administrative control, with public exploit code now available. The flaw resides in the phMonitor service (TCP port 7900), a recurring weak point, and pa...

    Read More »
  • QNAP Patches Critical Zero-Day Flaws Exploited at Pwn2Own
    November 9, 2025
    50%

    QNAP Patches Critical Zero-Day Flaws Exploited at Pwn2Own

    QNAP has urgently patched seven critical zero-day vulnerabilities exploited during the Pwn2Own Ireland 2025 contest, affecting core components like QTS/QuTS hero operating systems and applications such as Hyper Data Protector and HBS 3. The company advises users to install the latest software upd...

    Read More »
  • Patch Now: Critical MongoDB RCE Flaw Demands Immediate Action
    December 27, 2025
    35%

    Patch Now: Critical MongoDB RCE Flaw Demands Immediate Action

    A critical, high-severity vulnerability (CVE-2025-14847) in MongoDB allows unauthenticated attackers to remotely execute code by exploiting a flaw in the zlib compression implementation. Administrators must immediately upgrade to specific patched versions (e.g., MongoDB 8.2.3) or, as a workaround...

    Read More »

Related Topics

affected versions (3) security advisory (3) phmonitor service (2) patch management (2) password security (2) remote exploitation (2) indicators of compromise (2) workaround guidance (2)