VulnVibes

Researchers at Rapid7 have identified vulnerabilities in Xerox Versalink C7025 multifunction printers that could enable attackers to steal user credentials. Tracked as CVE-2024-12510 and CVE-2024-12511, these flaws facilitate a "pass-back attack," in which the printer is deceived into returning authentication data to the attacker.

The Qualys Threat Research Unit (TRU) has revealed two newly discovered vulnerabilities in OpenSSH, impacting both clients and servers. Designated as CVE-2025-26465 and CVE-2025-26466, these flaws could allow attackers to carry out machine-in-the-middle (MITM) attacks and denial-of-service (DoS) exploits.

Daily Summary of WordPress critical and high vulnerabilities

Rapid7 researchers have identified a high-severity SQL injection vulnerability (CVE-2025-1094) in PostgreSQL’s interactive tool, psql. Discovered during an investigation into the exploitation of a separate BeyondTrust vulnerability, this flaw enables attackers to execute arbitrary code on impacted systems.

Daily Summary of WordPress critical and high vulnerabilities

A critical vulnerability has been identified in WinZip, potentially enabling remote attackers to execute arbitrary code on affected systems. Designated as CVE-2025-1240, this flaw stems from how WinZip processes 7Z files and could be exploited if a user interacts with a malicious file or webpage.

Multiple critical security flaws have been discovered in the PAM-PKCS#11 login module, a widely used tool for X.509 certificate-based authentication on Linux systems. These vulnerabilities could enable attackers to bypass authentication, gain unauthorized system access, and potentially escalate privileges.

Wazuh, a prominent open-source security solutions provider, has released a critical security advisory about a remote code execution (RCE) vulnerability impacting its platform. Designated as CVE-2025-24016 with a CVSS score of 9.9, this flaw could enable attackers to take full control of affected Wazuh servers.

Daily Summary of WordPress critical and high vulnerabilities

Ivanti has released a security advisory addressing critical vulnerabilities in its Cloud Services Application (CSA). Tracked as CVE-2024-47908 and CVE-2024-11771, these flaws could enable attackers to execute remote code and access sensitive data without authorization.

Daily Summary of WordPress critical and high vulnerabilities

Daily Summary of WordPress critical and high vulnerabilities

Security researcher Hakivvi has released a detailed analysis of CVE-2025-23369 (CVSSv4 7.6), a vulnerability that enables attackers to bypass SAML authentication in GitHub Enterprise.

Apple has released critical security updates for iOS and iPadOS to patch a zero-day vulnerability, CVE-2025-24200, which has been actively exploited in targeted attacks. This flaw enables attackers to bypass USB Restricted Mode on locked devices, potentially exposing sensitive data.

Daily Summary of WordPress critical and high vulnerabilities

Two newly discovered security vulnerabilities have been identified in Zimbra Collaboration, a popular open-source email and collaboration platform. These flaws, tracked as CVE-2025-25064 and CVE-2025-25065, present a significant risk to businesses using Zimbra for email, calendaring, file sharing, and task management. If exploited, they could enable attackers to gain unauthorized access to sensitive data and internal network resources.

A severe security flaw in Microsoft Outlook, identified as CVE-2024-21413, is currently being actively exploited, presenting a major risk to organizations globally. Rated 9.8 out of 10 on the CVSS scale, this vulnerability enables attackers to remotely execute arbitrary code when a user opens a malicious email.

Cisco has released a security advisory regarding two critical vulnerabilities in its Identity Services Engine (ISE), a widely used network security policy management platform. These vulnerabilities, identified as CVE-2025-20124 and CVE-2025-20125, could allow authenticated attackers to execute arbitrary commands with root privileges and bypass authorization controls, posing significant risks to affected systems.

Daily Summary of WordPress critical and high vulnerabilities

Daily Summary of WordPress critical and high vulnerabilities

Daily Summary of WordPress critical and high vulnerabilities

Daily Summary of WordPress critical and high vulnerabilities

Daily Summary of WordPress critical and high vulnerabilities

Three security vulnerabilities found in the open-source PHP package Voyager, used for managing Laravel applications, could allow remote code execution attacks.

Daily Summary of WordPress critical and high vulnerabilities

Daily Summary of WordPress critical and high vulnerabilities

Wiz Research discovered a publicly accessible ClickHouse database owned by DeepSeek, granting full control over database operations and access to internal data. This exposure included over a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information. The Wiz Research team promptly and responsibly reported the issue to DeepSeek, which swiftly secured the vulnerability.

Daily Summary of WordPress critical and high vulnerabilities

Broadcom has issued an alert regarding a high-severity security vulnerability in VMware Avi Load Balancer, identified as CVE-2025-22217, with a CVSS score of 8.6. This unauthenticated blind SQL injection flaw allows malicious actors with network access to execute specially crafted SQL queries, potentially granting them unauthorized access to the database.

A severe security vulnerability has been revealed in the Cacti open-source network monitoring and fault management framework, potentially enabling an authenticated attacker to execute remote code on vulnerable instances.

Daily Summary of WordPress critical and high vulnerabilities

QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices.

Daily Summary of WordPress critical and high vulnerabilities

Daily Summary of WordPress critical and high vulnerabilities

Daily Summary of WordPress critical and high vulnerabilities

SonicWall has released an urgent security advisory regarding a critical vulnerability in its SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). Identified as CVE-2025-23006 with a CVSS score of 9.8, this pre-authentication remote command execution flaw poses a significant risk, enabling attackers to fully compromise vulnerable devices.

Daily Summary of WordPress critical and high vulnerabilities

Security researcher Mehdi Elyassa from Synacktiv published the technical details and a proof-of-concept (PoC) exploit code for a critical vulnerability in Microsoft Configuration Manager (MCM), tracked as CVE-2024-43468, with a CVSS score of 9.8. This flaw allows unauthenticated attackers to exploit SQL injection vulnerabilities, enabling the execution of arbitrary commands on servers and their underlying databases.

Kibana, the popular open-source data visualization and exploration tool, has released a security update addressing two vulnerabilities, including one high severity flaw. The update, version 8.15.0, is available now and all users are strongly encouraged to upgrade their installations immediately.

Daily Summary of WordPress critical and high vulnerabilities

Daily Summary of WordPress critical and high vulnerabilities

Microsoft has addressed a critical vulnerability (CVE-2025-21298) in its latest 2025 Patch Tuesday update. This flaw, rated with a CVSS score of 9.8, allows attackers to achieve remote code execution (RCE) on Windows devices through a specially crafted email

Daily Summary of WordPress critical and high vulnerabilities

Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products

A recently patched vulnerability Sentry could have allowed attackers to take over accounts

Search injection attack has been discovered on the popular MongoDB object modeling tool.

Daily Summary of WordPress critical and high vulnerabilities

Short update of latest information about TikTok ban in the USA

Daily Summary of WordPress critical and high vulnerabilities

Daily Summary of WordPress critical and high vulnerabilities