Tag: cveoftheweek

31/10/2025

Week 44 – Open Sesame: UniFi Access Vulnerability Exposes Door Control Systems

27 Oct – 02 Nov 2025 Critical flaw has been found in UniFi® Access application, which leaves its management API exposed with no authentication required. The UniFi® Access Application is part of Ubiquiti’s platform designed for modern, managed door access control. It is used in 

CVE of the Week
-
by White Hat IT Security
24/10/2025

Week 43 – Old Trick, New Target: NTLM Reflection Returns via SMB

20 – 26 Oct 2025 The next star of our #CVE of the Week series is CVE-2025-33073, an improper authorization flaw in Microsoft’s SMB implementation. As you might have noticed from its ID number, this is not a freshly discovered one, but it still deserves 

CVE of the Week
-
by White Hat IT Security
17/10/2025

Week 42 – Update and Destruct: WSUS Hit by Deserialization Flaw

13 – 19 Oct 2025 This week’s CVE of The Week is about a remote code vulnerability in Windows Server Update Service (WSUS): CVE-2025-59287. The Windows Server Update Service provides a way for IT administrators to deploy the latest Microsoft product updates. They can use 

CVE of the Week
-
by White Hat IT Security
10/10/2025

Week 41 – RediShell: The 13-Year-Old Redis Bug That Came Back to Byte

06 – 12 Oct 2025 A critical use-after-free vulnerability has surfaced in Redis — lurking in the codebase for over a decade. Dubbed RediShell, this CVSS 10.0 flaw lets attackers craft malicious Lua scripts to hijack memory and potentially execute remote code, reminding us that 

CVE of the Week
-
by White Hat IT Security
03/10/2025

Week 40 – Brain Hacked: Cisco ASA Zero-Day Goes Deeper Than Patching

29 Sept – 05 Oct 2025 This week’s CVE of the Week highlights a critical zero-day in Cisco ASA and Secure Firewall appliances: CVE-2025-20333 (CVSS 9.9). For organizations relying on Cisco ASA, this is more than a patching exercise — it’s a battle for the 

CVE of the Week
-
by White Hat IT Security
26/09/2025

Week 39 – When the Postman is a Hacker: WHD’s AjaxProxy Leads to Total Compromise

22 – 28 Sept 2025 SolarWinds Web Help Desk (WHD) is a comprehensive help desk and ticketing solution designed for medium to large organizations. It supports IT support request tracking, workflow automation, asset management, and compliance monitoring in enterprise environments. Our current CVE of the 

CVE of the Week
-
by White Hat IT Security
19/09/2025

Week 38 – From Chaos to Catastrophe: CVEs Shake Chaos Mesh

15 – 21 Sept 2025 What is chaos engineering? No, with this week’s CVE of the Week post, we do not want to dominate the world. Chaos engineering is a proactive testing approach to intentionally introduce failures and errors into systems to investigate their resiliency 

CVE of the Week
-
by White Hat IT Security
15/09/2025

Week 37 – From Carts to Carnage: SessionReaper Targets Magento

8-15 Sept 2025 Patch Tuesday’s security bulletin at Adobe has been published and it includes a serious entry with the ID CVE-2025-54236, our CVE of the Week this week. The vulnerability dubbed SessionReaper affects Adobe Commerce and Magento, Adobe’s e-commerce solutions. SessionReaper resides within Magento’s 

CVE of the Week
-
by White Hat IT Security
Week 36 – WhatsApp Zero-Click Flaw Targets Apple Devices
08/09/2025

Week 36 – WhatsApp Zero-Click Flaw Targets Apple Devices

WhatsApp Zero-Click Flaw Targets Apple Devices

CVE of the Week
-
by White Hat IT Security
29/08/2025

Week 35 – Remote code execution vulnerability in Citrix NetScaler products

Remote code execution vulnerability in Citrix NetScaler products.

CVE of the Week
-
by White Hat IT Security