SonicWall has released patches for three security flaws in SMA 100 Secure Mobile Access appliances that could allow remote code execution. The vulnerabilities are listed below: CVE-2025-32819 (CVSS score: 8.8) : A vulnerability in SMA100 lets an authenticated remote attacker with SSL-VPN user access bypass checks and delete any file, …
Read More »
Cisco has issued a security advisory for a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs). This vulnerability, known as CVE-2025-20188, has a CVSS score of 10, indicating the highest security flaw. The advisory highlights a vulnerability in the Out-of-Band Access Point (AP) Image Download feature …
Read More »
Google has released its monthly Android security updates, addressing 46 vulnerabilities, including one that has been actively exploited. CVE-2025-27363 (CVSS score: 8.1) is a high-severity vulnerability in the System component that allows local code execution without needing extra privileges. “The most severe of these issues is a high security vulnerability …
Read More »
A new exploit chain for SonicWall’s Secure Mobile Access (SMA) appliances has been released by watchTowr Labs. It details how two vulnerabilities, CVE-2023-44221 and CVE-2024-38475, can be combined to allow remote, unauthenticated attackers to hijack admin sessions and run arbitrary code. SonicWall identifies CVE-2024-38475 as a critical vulnerability in the …
Read More »
SonicWall’s Product Security Incident Response Team (PSIRT) has released a critical update for its SMA1000 series appliances due to a Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2025-2170, with a CVSS base score of 7.2. The flaw in the SMA1000 appliances’ WorkPlace interface allows unauthenticated remote attackers to send unauthorized …
Read More »
On April 29, 2025, SonicWall announced that two previously disclosed vulnerabilities in its SMA 100 Series appliances are being actively exploited. They urge customers to update to the latest secure firmware to avoid compromise. First identified in December 2023, CVE-2023-44221 has now been confirmed as under active exploitation. The vulnerability—assigned …
Read More »
Security vulnerabilities in Apple’s AirPlay Protocol and SDK put both third-party and Apple devices at risk of various attacks, including remote code execution. Oligo Security researchers found flaws that can be exploited in zero-click and one-click remote code execution (RCE) attacks, man-in-the-middle (MITM) attacks, denial of service (DoS) attacks, and …
Read More »
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two high-severity security flaws affecting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog on Monday due to evidence of active exploitation. The vulnerabilities in question are listed below: CVE-2025-1976 (CVSS score: 8.6): A code …
Read More »
Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks. CVE-2025-31324 is a vulnerability that lets unauthenticated attackers upload malicious files to affected systems, risking full system compromise. A severe flaw with a CVSS score of 10.0 affects the Metadata …
Read More »
A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python. Rated CVSS 9.1, the flaw could enable request smuggling attacks in applications where h11 is paired with a misconfigured or buggy HTTP proxy. “A leniency in h11’s parsing of line …
Read More »
InfoSecBulletin Cybersecurity for mankind
