Tag: cve

22/08/2025

Week 34 – Fire at Cisco Secure FMC

A newly disclosed CVSS 10.0 vulnerability puts Cisco Secure Firewall Management Center at risk, enabling remote attackers to seize root-level control without authentication.

CVE of the Week
-
by White Hat IT Security
15/08/2025

Week 33 – Patch your FortiSIEM today!

11 Aug – 17 Aug 2025 A critical OS command injection flaw (CVE-2025-25256) has been identified in Fortinet’s FortiSIEM platform, now this our CVE of the Week. This critical flaw, has a 9.8 CVSS base score, almost reaching a straight 10/10. The vulnerability allows remote, 

CVE of the Week
-
by White Hat IT Security
10/08/2025

Week 32 – Critical AEM Forms Exploit via Apache Struts

04 – 10 Aug 2025 Vulnerabilities don’t always require complex exploits or innovative tricks to be taken advantage of. In many cases, they stem from trivial development errors, misconfigurations or simply negligence. Such is the case for this week’s star of our CVE of the 

CVE of the Week
-
by White Hat IT Security
01/08/2025

Week 31 – Critical VPN Flaw Hits SonicWall: Patch Now!

28 July – 03 Aug 2025 SonicWall has issued an urgent advisory regarding a newly discovered critical vulnerability — CVE-2025-40600, now spotlighted as this week’s CVE of the Week. This flaw affects the SSL VPN interface of the SonicOS firewall operating system, and it demands 

CVE of the Week
-
by White Hat IT Security
25/07/2025

Week 30 – Update your on-prem SharePoint ASAP

21 – 27 July 2025 In recent days, the cybersecurity community has been focusing on newly discovered critical SharePoint vulnerabilities, so it was an easy choice to pick our CVE of The Week. The issue with the highest score is tracked as CVE-2025-53770 and has 

CVE of the Week
-
by White Hat IT Security
21/07/2025

Week 29 – Vulnerability in Google Chrome

14 – 20 July 2025 This week our focus moved to a vulnerability in Google’s browser, tracked as CVE-2025-6558, because it possibly has been exploited in the wild. This flaw scored 8.8 CVSS score and allow a potential remote attacker to escape the sandbox environment 

CVE of the Week
-
by White Hat IT Security
Week 28 – Critical vulnerability in OT environment
11/07/2025

Week 28 – Critical vulnerability in OT environment

07 – 13 July 2025 OT environments power things that keep our world turning, from factories to critical infrastructure like power plants. As one can imagine, the security of such systems is paramount. However, they pose very different challenges from traditional IT networks. As an 

CVE of the Week
-
by White Hat IT Security
Week 27 – Retire your D-Link DIR-816 router
04/07/2025

Week 27 – Retire your D-Link DIR-816 router

30 June – 06 July 2025 Our CVE of the Week post brings you another fresh attack on a network device, but this time it affects owners of a D-Link DIR-816 wireless router, which is used in small home networks. The router provides dual-band AC 

CVE of the Week
-
by White Hat IT Security
30/06/2025

Week 26 – What if the zero-trust provider can’t be trusted?

23 – 29 June 2025 The blast radius of a compromised security solution is always massive — just like the Cisco ISE API vulnerabilities featured in this post from our CVE of the Week series. Cisco’s ISE (Identity Services Engine) is the Network Access Control 

CVE of the Week
-
by White Hat IT Security
Week 25 – Two severe vulnerabilities in SUSE Linux system
20/06/2025

Week 25 – Two severe vulnerabilities in SUSE Linux system

16 – 22 June 2025 It’s Friday again, which for some people means throwing a party to let the stress out after a long week at work. Not for engineers responsible for securing SUSE Linux systems, though. SUSE is a distribution loved by many desktop 

CVE of the Week
-
by White Hat IT Security