Provided courtesy of White Hat Security – https://whitehat.eu
20 – 26 Oct 2025 The next star of our #CVE of the Week series is CVE-2025-33073, an improper authorization flaw in Microsoft’s SMB implementation. As you might have noticed from its ID number, this is not a freshly discovered one, but it still deserves …
13 – 19 Oct 2025 This week’s CVE of The Week is about a remote code vulnerability in Windows Server Update Service (WSUS): CVE-2025-59287. The Windows Server Update Service provides a way for IT administrators to deploy the latest Microsoft product updates. They can use …
06 – 12 Oct 2025 A critical use-after-free vulnerability has surfaced in Redis — lurking in the codebase for over a decade. Dubbed RediShell, this CVSS 10.0 flaw lets attackers craft malicious Lua scripts to hijack memory and potentially execute remote code, reminding us that …
29 Sept – 05 Oct 2025 This week’s CVE of the Week highlights a critical zero-day in Cisco ASA and Secure Firewall appliances: CVE-2025-20333 (CVSS 9.9). For organizations relying on Cisco ASA, this is more than a patching exercise — it’s a battle for the …
22 – 28 Sept 2025 SolarWinds Web Help Desk (WHD) is a comprehensive help desk and ticketing solution designed for medium to large organizations. It supports IT support request tracking, workflow automation, asset management, and compliance monitoring in enterprise environments. Our current CVE of the …
15 – 21 Sept 2025 What is chaos engineering? No, with this week’s CVE of the Week post, we do not want to dominate the world. Chaos engineering is a proactive testing approach to intentionally introduce failures and errors into systems to investigate their resiliency …
8-15 Sept 2025 Patch Tuesday’s security bulletin at Adobe has been published and it includes a serious entry with the ID CVE-2025-54236, our CVE of the Week this week. The vulnerability dubbed SessionReaper affects Adobe Commerce and Magento, Adobe’s e-commerce solutions. SessionReaper resides within Magento’s …
