InfoSecBulletin Cybersecurity for mankind
CVE-2024-20953 is a vulnerability in Oracle Agile PLM, a product lifecycle management tool. With a CVSS score of 8.8, it allows low-privileged attackers with HTTP network access to exploit systems running version 9.3.6. This could result in complete system takeover, risking sensitive supply chain data and business operations.
The vulnerability in Oracle Agile PLM is a major concern for organizations due to its easy exploitation and potential for widespread impact.
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
CISA has added certain vulnerabilities to the KEV catalog, signifying a serious ongoing threat, even though details about the attacks are unclear. They have instructed Federal Civilian Executive Branch agencies to patch their systems by March 17, 2025. However, all organizations using the affected software are urged to prioritize patching right away.
CISA has identified another critical vulnerability, CVE-2017-3066, affecting older versions of Adobe ColdFusion. This flaw has a CVSS score of 9.8 and arises from a Java deserialization issue in the Apache BlazeDS library. Exploiting this vulnerability allows attackers to execute arbitrary code, gaining full access to affected systems. A publicly available proof-of-concept exploit increases the risk of widespread attacks.
ColdFusion 2016 Update 3 and earlier, ColdFusion 11 Update 11 and earlier, and ColdFusion 10 Update 22 and earlier are especially vulnerable.
