CISA has released a bulletin that lists over 270 Critical vulnerabilities discovered in various software and hardware in the past week. These vulnerabilities impact popular apps, operating systems, IoT devices, and development frameworks, creating significant risks if not fixed.
Vulnerabilities have been categorized using the Common Vulnerability Scoring System (CVSS).
By infosecbulletin
/ Saturday , March 29 2025
The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
By infosecbulletin
/ Thursday , March 27 2025
OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
By infosecbulletin
/ Thursday , March 27 2025
Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
By infosecbulletin
/ Thursday , March 27 2025
As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
By infosecbulletin
/ Wednesday , March 26 2025
Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
By infosecbulletin
/ Wednesday , March 26 2025
Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
By infosecbulletin
/ Wednesday , March 26 2025
On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
By infosecbulletin
/ Tuesday , March 25 2025
Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
By infosecbulletin
/ Tuesday , March 25 2025
Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
By infosecbulletin
/ Sunday , March 23 2025
A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
Critical (CVSS 9.0–10.0): Immediate attention required.
High (CVSS 7.0–8.9): Potential to cause major disruptions.
Medium (CVSS 4.0–6.9): Less severe but still actionable.
Low (CVSS 0.0–3.9): Minimal impact.
Top Critical Vulnerabilities:
Some critical vulnerabilities can allow attackers to run harmful code, gain unauthorized access, and steal data.
Critical vulnerabilities (CVE-2024-11317, CVE-2024-48839) in products like ASPECT, MATRIX, and NEXUS Series enable attackers to exploit session fixation, execute remote code, and misuse default credentials.
WordPress Plugins
Widely used plugins such as Roninwp FAT Services Booking (CVE-2024-54221) and Swift Performance Lite (CVE-2024-10516) are vulnerable to SQL injection, file inclusion, and XSS attacks.
IoT and Networking Devices:
Devices like Victure RX1800 WiFi Routers and Zyxel VMG4005-B50A firmware have vulnerabilities that let hackers run malicious code remotely.
ROS2 (Robotic Operating System)
Security vulnerabilities in Open Robotics’ ROS2 can lead to denial-of-service attacks or arbitrary code execution.
Django
SQL injection vulnerabilities in Django’s Oracle database could allow unauthorized access to sensitive data.
Notable High-Severity Vulnerabilities:
Chrome bug (CVE-2024-12053): A flaw in the V8 engine may allow attackers to manipulate objects, potentially leading to code execution via malicious web pages.
ABB ASPECT-Enterprise has vulnerabilities due to improper input validation (CVE-2024-51550) and data sanitization issues (CVE-2024-51541), allowing attackers to inject malicious scripts.
Android Devices:
Some Android parts have security vulnerabilities that can allow unauthorized actions or lead to data corruption.
Widespread Medium-Severity Issues:
While not as urgent, medium-severity vulnerabilities (CVSS 4.0–6.9) still require action:
Several WordPress themes and plugins, such as TI WooCommerce Wishlist and Convert Forms, have XSS vulnerabilities.
Development Frameworks: Issues in libraries like python-multipart could cause service disruptions (CVE-2024-53981).
Networking Devices:
IoT and networking products, including those from Ruijie and Lorex, have serious security vulnerabilities that allow unauthorized access or remote control.
Industrial Systems:
Some industrial systems, such as those from ABB and Siemens, have vulnerabilities that could endanger operational technology environments.
Recommendations:
InfoSecBulletin Cybersecurity for mankind
