Week 24 – Critical vulnerability in Windows is fixed on Patch Tuesday
13/06/2025

Week 24 – Critical vulnerability in Windows is fixed on Patch Tuesday

09 – 15 June 2025 After our last CVE of the Week post exploring a critical vulnerability in the open source landscape, we are back again in the Microsoft ecosystem, as it’s just past Patch Tuesday, which keeps on giving (and more importantly, fixing) weaknesses 

CVE of the Week
-
by White Hat IT Security
Week 23 – Critical flaw in Roundcube
10/06/2025

Week 23 – Critical flaw in Roundcube

02 – 08 June 2025 Open-source enthusiast sysadmins might be familiar with Roundcube, one of the most popular webmail clients deployed, to be exact, Shodan currently lists over 160,000 publicly available instances. Unfortunately, it has now become the subject of our regular CVE of the 

CVE of the Week
-
by White Hat IT Security
30/05/2025

Week 22 – High severity vulnerability affects Versa Concerto

26 May – 01 June 2025 Our new CVE of the Week is high severity vulnerability, CVE-2025-34027, has been identified and is making waves across the cybersecurity landscape. It affects Versa Concerto, an orchestrator and interface to configure and monitor Versa OS devices in Secure 

CVE of the Week
-
by White Hat IT Security
23/05/2025

Week 21 – Multiple high-severity vulnerabilities in VMware Cloud Foundation

19 – 15 May 2025 Multiple high-severity vulnerabilities were responsibly disclosed in VCF by Gustavo Bonito of the NATO Cyber Security Centre. From among these, our #CVEOfTheWeek is CVE-2025-41229. This is a Directory Traversal vulnerability, which might allow a malicious actor with network access to 

CVE of the Week
-
by White Hat IT Security
16/05/2025

Week 20 – Critical elevation of privilege vulnerability in Azure DevOps

12 – 18 May 2025 A critical elevation of privilege vulnerability has been found in Azure DevOps, published on May 8, 2025, and updated with more details 2 days later on May 10, 2025. It has a CVSS score of 10.0! It’s not often that 

CVE of the Week
-
by White Hat IT Security
09/05/2025

Week-19 – A critical security vulnerability in the OpenCTI Platform

05 – 11 May 2025 A critical security vulnerability has been identified in the OpenCTI Platform which is designed to structure, store, organize and visualize technical and non-technical information about cyber threats. This vulnerability, tracked as CVE-2025-24977 is our new CVEofTheWeek with an assigned CVSS 

CVE of the Week
-
by White Hat IT Security
Week 18 – SAP NetWeaver’s Visual Composer component
02/05/2025

Week 18 – SAP NetWeaver’s Visual Composer component

White Hat IT Security’s CVE Of The Week, CVE-2025-31324, is a critical zero-day vulnerability affecting SAP NetWeaver’s Visual Composer component

CVE of the Week
-
by test user
Week 9 – Palo Alto PAN-OS Authentication Bypass
24/02/2025

Week 9 – Palo Alto PAN-OS Authentication Bypass

03-10 March 2025 Palo Alto PAN-OS authentication bypass exploited in the wild: CVE-2025-0108 This week’s #CVEofTheWeek is about an actively exploited critical Authentication Bypass vulnerability in Palo Alto PAN-OS. PAN-OS is the software that runs all Palo Alto Networks Next-Generation Firewalls (NGFW). The high-level properties 

CVE of the Week
-
by test user