CISA has released a bulletin that lists over 270 Critical vulnerabilities discovered in various software and hardware in the past week. These vulnerabilities impact popular apps, operating systems, IoT devices, and development frameworks, creating significant risks if not fixed.
Vulnerabilities have been categorized using the Common Vulnerability Scoring System (CVSS).
By infosecbulletin
/ Wednesday , June 18 2025
Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
By infosecbulletin
/ Monday , June 16 2025
SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
By infosecbulletin
/ Sunday , June 15 2025
WestJet, Canada's second-largest airline, is looking into a cyberattack that has affected some internal systems during its response to the...
Read More
By infosecbulletin
/ Saturday , June 14 2025
Resecurity found 7.4 million records of Paraguayan citizens' personal information leaked on the dark web today. Last week, cybercriminals attempted...
Read More
By infosecbulletin
/ Friday , June 13 2025
HashiCorp has revealed a critical vulnerability in its Nomad tool that may let attackers gain higher privileges by misusing the...
Read More
By infosecbulletin
/ Friday , June 13 2025
SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked...
Read More
By infosecbulletin
/ Friday , June 13 2025
Serious security vulnerabilities in Trend Micro Apex One could allow attackers to inject malicious code and elevate their privileges within...
Read More
Critical (CVSS 9.0–10.0): Immediate attention required.
High (CVSS 7.0–8.9): Potential to cause major disruptions.
Medium (CVSS 4.0–6.9): Less severe but still actionable.
Low (CVSS 0.0–3.9): Minimal impact.
Top Critical Vulnerabilities:
Some critical vulnerabilities can allow attackers to run harmful code, gain unauthorized access, and steal data.
Critical vulnerabilities (CVE-2024-11317, CVE-2024-48839) in products like ASPECT, MATRIX, and NEXUS Series enable attackers to exploit session fixation, execute remote code, and misuse default credentials.
WordPress Plugins
Widely used plugins such as Roninwp FAT Services Booking (CVE-2024-54221) and Swift Performance Lite (CVE-2024-10516) are vulnerable to SQL injection, file inclusion, and XSS attacks.
IoT and Networking Devices:
Devices like Victure RX1800 WiFi Routers and Zyxel VMG4005-B50A firmware have vulnerabilities that let hackers run malicious code remotely.
ROS2 (Robotic Operating System)
Security vulnerabilities in Open Robotics’ ROS2 can lead to denial-of-service attacks or arbitrary code execution.
Django
SQL injection vulnerabilities in Django’s Oracle database could allow unauthorized access to sensitive data.
Notable High-Severity Vulnerabilities:
Chrome bug (CVE-2024-12053): A flaw in the V8 engine may allow attackers to manipulate objects, potentially leading to code execution via malicious web pages.
ABB ASPECT-Enterprise has vulnerabilities due to improper input validation (CVE-2024-51550) and data sanitization issues (CVE-2024-51541), allowing attackers to inject malicious scripts.
Android Devices:
Some Android parts have security vulnerabilities that can allow unauthorized actions or lead to data corruption.
Widespread Medium-Severity Issues:
While not as urgent, medium-severity vulnerabilities (CVSS 4.0–6.9) still require action:
Several WordPress themes and plugins, such as TI WooCommerce Wishlist and Convert Forms, have XSS vulnerabilities.
Development Frameworks: Issues in libraries like python-multipart could cause service disruptions (CVE-2024-53981).
Networking Devices:
IoT and networking products, including those from Ruijie and Lorex, have serious security vulnerabilities that allow unauthorized access or remote control.
Industrial Systems:
Some industrial systems, such as those from ABB and Siemens, have vulnerabilities that could endanger operational technology environments.
Recommendations:
InfoSecBulletin Cybersecurity for mankind
