Provided courtesy of White Hat Security – https://whitehat.eu
15 – 21 Dec 2025 As we reached the end of 2025 we have looked back to see the most impactful vulnerabilities of the year. Come and go through the TOP 10 CVEs of the year selected by our experts! A critical CVSS 9.1 flaw …
8 – 14 Dec 2025 A remote code execution vulnerability was found in React Server Components: CVE-2025-55182 – React2Shell. This week’s CVE of the Week is about the recent pre-authentication remote code execution vulnerability in Meta’s React Server Components. React is a free and open-source …
1 – 7 Dec 2025 Critical vulnerability has been found with the CVSS score of 10 in Manager-io/Manager, which is an accounting software. CVE-2025-64180 is the vulnerability of this week. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access …
14 – 30 Nov 2025 A newly disclosed and actively exploited FortiWeb vulnerability (CVE-2025-58034) allows authenticated attackers to execute arbitrary OS commands, posing a serious risk to organizations relying on the platform for critical web application protection. Despite its medium-severity vulnerability (CVSS score of 6.7), …
17 – 23 Nov 2025 On Monday Google released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. Our CVE of the Week is about CVE-2025-13223 vulnerability with a CVSS score of …
10 – 16 Nov 2025 Mandiant has confirmed that threat actors are actively exploiting a critical flaw (CVE-2025-12480) in Triofox by Gladinet — a remote access and file-sharing platform.The vulnerability allows authentication bypass, letting attackers create admin accounts and execute arbitrary code by abusing the …
03 – 09 Nov 2025 Our CVE of the Week, CVE-2025-62156, is about Argo Workflows, which is an open source container-native workflow engine for orchestrating complex, parallel jobs on Kubernetes. Critical flaw has been found in versions prior to 3.6.12 and versions 3.7.0 through 3.7.2 …
27 Oct – 02 Nov 2025 Critical flaw has been found in UniFi® Access application, which leaves its management API exposed with no authentication required. The UniFi® Access Application is part of Ubiquiti’s platform designed for modern, managed door access control. It is used in …
20 – 26 Oct 2025 The next star of our #CVE of the Week series is CVE-2025-33073, an improper authorization flaw in Microsoft’s SMB implementation. As you might have noticed from its ID number, this is not a freshly discovered one, but it still deserves …
13 – 19 Oct 2025 This week’s CVE of The Week is about a remote code vulnerability in Windows Server Update Service (WSUS): CVE-2025-59287. The Windows Server Update Service provides a way for IT administrators to deploy the latest Microsoft product updates. They can use …