CISA has released a bulletin that lists over 270 Critical vulnerabilities discovered in various software and hardware in the past week. These vulnerabilities impact popular apps, operating systems, IoT devices, and development frameworks, creating significant risks if not fixed.
Vulnerabilities have been categorized using the Common Vulnerability Scoring System (CVSS).
By infosecbulletin
/ Friday , May 9 2025
Microsoft has fixed critical vulnerabilities in its core cloud services, including Azure Automation, Azure Storage, Azure DevOps, and Microsoft Power...
Read More
By infosecbulletin
/ Thursday , May 8 2025
The cyber threat landscape is rapidly changing, with a notable increase in ransomware activity in April 2025, driven by the...
Read More
By infosecbulletin
/ Thursday , May 8 2025
SonicWall has released patches for three security flaws in SMA 100 Secure Mobile Access appliances that could allow remote code...
Read More
By infosecbulletin
/ Thursday , May 8 2025
From April 2024 to April 2025, Flashpoint analysts noted that the financial sector was a major target for threat actors,...
Read More
By infosecbulletin
/ Thursday , May 8 2025
Cisco has issued a security advisory for a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs)....
Read More
By infosecbulletin
/ Wednesday , May 7 2025
Attackers linked to the Play ransomware operation deployed a zero-day privilege escalation exploit during an attempted attack against an organization...
Read More
By infosecbulletin
/ Wednesday , May 7 2025
Hackers are exploiting an unauthenticated remote code execution vulnerability in the Samsung MagicINFO 9 Server to take control of devices...
Read More
By infosecbulletin
/ Tuesday , May 6 2025
CISA added the Langflow vulnerability, CVE-2025-3248 (CVSS score 9.8), to its Known Exploited Vulnerabilities catalog. Langflow is a popular tool...
Read More
By infosecbulletin
/ Tuesday , May 6 2025
Google has released its monthly Android security updates, addressing 46 vulnerabilities, including one that has been actively exploited. CVE-2025-27363 (CVSS...
Read More
By infosecbulletin
/ Tuesday , May 6 2025
The Cyber Security Club, representing the Department of Computer Science and Engineering at the University of Asia Pacific (UAP), has...
Read More
Critical (CVSS 9.0–10.0): Immediate attention required.
High (CVSS 7.0–8.9): Potential to cause major disruptions.
Medium (CVSS 4.0–6.9): Less severe but still actionable.
Low (CVSS 0.0–3.9): Minimal impact.
Top Critical Vulnerabilities:
Some critical vulnerabilities can allow attackers to run harmful code, gain unauthorized access, and steal data.
Critical vulnerabilities (CVE-2024-11317, CVE-2024-48839) in products like ASPECT, MATRIX, and NEXUS Series enable attackers to exploit session fixation, execute remote code, and misuse default credentials.
WordPress Plugins
Widely used plugins such as Roninwp FAT Services Booking (CVE-2024-54221) and Swift Performance Lite (CVE-2024-10516) are vulnerable to SQL injection, file inclusion, and XSS attacks.
IoT and Networking Devices:
Devices like Victure RX1800 WiFi Routers and Zyxel VMG4005-B50A firmware have vulnerabilities that let hackers run malicious code remotely.
ROS2 (Robotic Operating System)
Security vulnerabilities in Open Robotics’ ROS2 can lead to denial-of-service attacks or arbitrary code execution.
Django
SQL injection vulnerabilities in Django’s Oracle database could allow unauthorized access to sensitive data.
Notable High-Severity Vulnerabilities:
Chrome bug (CVE-2024-12053): A flaw in the V8 engine may allow attackers to manipulate objects, potentially leading to code execution via malicious web pages.
ABB ASPECT-Enterprise has vulnerabilities due to improper input validation (CVE-2024-51550) and data sanitization issues (CVE-2024-51541), allowing attackers to inject malicious scripts.
Android Devices:
Some Android parts have security vulnerabilities that can allow unauthorized actions or lead to data corruption.
Widespread Medium-Severity Issues:
While not as urgent, medium-severity vulnerabilities (CVSS 4.0–6.9) still require action:
Several WordPress themes and plugins, such as TI WooCommerce Wishlist and Convert Forms, have XSS vulnerabilities.
Development Frameworks: Issues in libraries like python-multipart could cause service disruptions (CVE-2024-53981).
Networking Devices:
IoT and networking products, including those from Ruijie and Lorex, have serious security vulnerabilities that allow unauthorized access or remote control.
Industrial Systems:
Some industrial systems, such as those from ABB and Siemens, have vulnerabilities that could endanger operational technology environments.
Recommendations:
InfoSecBulletin Cybersecurity for mankind
