Articles tagged "CVE"

Found 351 articles

Critical
Rockwell Automation Arena Simulation

All CISA Advisories

Rockwell Automation's Arena Simulation software has a stack-based buffer overflow vulnerability that could allow local attackers to execute arbitrary code. The vulnerability, identified as CVE-2025-11918, has a CVSS v4 score of 7.1, indicating a significant risk for affected installations, particularly in critical manufacturing sectors.

Read Original
Critical
Zenitel TCIV-3+

All CISA Advisories

The Zenitel TCIV-3+ device has critical vulnerabilities, including OS Command Injection and Cross-site Scripting, with a CVSS v4 score of 10.0, indicating a severe risk of arbitrary code execution and denial-of-service. Users are strongly advised to upgrade to version 9.3.3.0 or later to mitigate these risks.

Read Original
Critical
SiRcom SMART Alert (SiSA)

All CISA Advisories

The SiRcom SMART Alert (SiSA) system has a critical vulnerability due to missing authentication for critical functions, allowing unauthorized remote access to backend APIs. This could enable attackers to manipulate emergency sirens, posing a significant risk to public safety and critical infrastructure.

Read Original

The Ashlar-Vellum products Cobalt, Xenon, Argon, Lithium, and Cobalt Share have critical vulnerabilities, specifically an Out-of-Bounds Write and a Heap-based Buffer Overflow, which could allow attackers to disclose information or execute arbitrary code. The vulnerabilities have a CVSS v4 score of 8.4, indicating a high severity level, and users are urged to update their software to mitigate risks.

Read Original
Critical
Opto 22 groov View

All CISA Advisories

The article discusses a vulnerability in Opto 22's groov View that allows for the exposure of sensitive information through metadata, potentially leading to credential and key exposure as well as privilege escalation. This vulnerability, assigned CVE-2025-13084, has a CVSS v4 score of 6.1 and affects multiple versions of groov View, necessitating immediate remediation to mitigate risks.

+1 more
Read Original

The article highlights the exploitation of CVE-2025-61757, which follows a breach of Oracle Cloud and an extortion campaign targeting Oracle E-Business Suite customers. This indicates a significant security threat that could impact numerous organizations relying on Oracle's services.

Read Original

CISA has confirmed the exploitation of a vulnerability in Oracle Identity Manager, identified as CVE-2025-61757, which has been added to its Known Exploited Vulnerabilities catalog. This indicates a significant security risk for organizations using the affected systems, necessitating immediate attention to mitigate potential breaches.

Read Original

The ShadowPad malware is exploiting a recently patched vulnerability in Microsoft Windows Server Update Services (WSUS), identified as CVE-2025-59287, allowing attackers to gain full system access. This exploitation highlights the critical need for organizations to promptly apply security updates to vulnerable systems to prevent unauthorized access.

Read Original
Actively Exploited

CISA has added CVE-2025-61757, a critical vulnerability in Oracle Fusion Middleware, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This vulnerability poses significant risks to federal networks, prompting CISA to urge timely remediation by all organizations to mitigate potential cyberattacks.

Read Original
Critical
Automated Logic WebCTRL Premium Server

All CISA Advisories

The Automated Logic WebCTRL Premium Server has critical vulnerabilities, including an Open Redirect and Cross-site Scripting, with a CVSS v4 score of 8.6. Successful exploitation could allow remote attackers to redirect users to malicious sites or execute malicious scripts in their browsers, posing significant security risks.

Read Original
Critical
Festo MSE6-C2M/D2M/E2M

All CISA Advisories

The Festo MSE6-C2M/D2M/E2M series has a critical vulnerability (CVE-2023-3634) that allows remote authenticated attackers to exploit undocumented test modes, leading to severe risks including loss of confidentiality, integrity, and availability. This vulnerability has a CVSS score of 8.8, indicating a high severity level and necessitating immediate attention and remediation.

Read Original
Critical
Emerson Appleton UPSMON-PRO

All CISA Advisories

The Emerson Appleton UPSMON-PRO vulnerability, identified as CVE-2024-3871, is a stack-based buffer overflow that could allow remote attackers to execute arbitrary code with SYSTEM privileges. This critical vulnerability, with a CVSS v4 score of 9.3, affects versions 2.6 and prior of the product, which is now End of Life and unsupported, necessitating immediate action from users.

Read Original
PreviousPage 23 of 24Next