Provided courtesy of White Hat Security – https://whitehat.eu
06 – 12 Oct 2025 A critical use-after-free vulnerability has surfaced in Redis — lurking in the codebase for over a decade. Dubbed RediShell, this CVSS 10.0 flaw lets attackers craft malicious Lua scripts to hijack memory and potentially execute remote code, reminding us that …
29 Sept – 05 Oct 2025 This week’s CVE of the Week highlights a critical zero-day in Cisco ASA and Secure Firewall appliances: CVE-2025-20333 (CVSS 9.9). For organizations relying on Cisco ASA, this is more than a patching exercise — it’s a battle for the …
22 – 28 Sept 2025 SolarWinds Web Help Desk (WHD) is a comprehensive help desk and ticketing solution designed for medium to large organizations. It supports IT support request tracking, workflow automation, asset management, and compliance monitoring in enterprise environments. Our current CVE of the …
15 – 21 Sept 2025 What is chaos engineering? No, with this week’s CVE of the Week post, we do not want to dominate the world. Chaos engineering is a proactive testing approach to intentionally introduce failures and errors into systems to investigate their resiliency …
8-15 Sept 2025 Patch Tuesday’s security bulletin at Adobe has been published and it includes a serious entry with the ID CVE-2025-54236, our CVE of the Week this week. The vulnerability dubbed SessionReaper affects Adobe Commerce and Magento, Adobe’s e-commerce solutions. SessionReaper resides within Magento’s …
11 Aug – 17 Aug 2025 A critical OS command injection flaw (CVE-2025-25256) has been identified in Fortinet’s FortiSIEM platform, now this our CVE of the Week. This critical flaw, has a 9.8 CVSS base score, almost reaching a straight 10/10. The vulnerability allows remote, …
04 – 10 Aug 2025 Vulnerabilities don’t always require complex exploits or innovative tricks to be taken advantage of. In many cases, they stem from trivial development errors, misconfigurations or simply negligence. Such is the case for this week’s star of our CVE of the …
