VulnHub

Real-time Cybersecurity News

Articles tagged "CVE"

Found 111 articles

ICAM365 CCTV Camera Multiple Models

All CISA Advisories

The iCam365 CCTV camera models P201 and QC021 have been identified with critical vulnerabilities allowing unauthorized access to camera video streams and configuration data due to missing authentication for ONVIF and RTSP services. The vulnerabilities carry a CVSS v4 score of 7.0, indicating a significant risk that requires immediate attention and mitigation.

Impact: Affected products include iCam365 ROBOT PT Camera P201 (Versions 43.4.0.0 and prior) and Night Vision Camera QC021 (Versions 43.4.0.0 and prior). Vendor: iCam365.
Remediation: CISA recommends minimizing network exposure for all control system devices, ensuring they are not accessible from the Internet. Control system networks and remote devices should be located behind firewalls and isolated from business networks. When remote access is necessary, use secure methods like Virtual Private Networks (VPNs). Organizations should perform proper impact analysis and risk assessment prior to deploying defensive measures. Additional guidance is available on the CISA ICS webpage.
CVEVulnerabilityUpdateCritical
Read Original
Opto 22 GRV-EPIC and groov RIO

All CISA Advisories

The Opto 22 GRV-EPIC and groov RIO products are vulnerable to an OS Command Injection flaw that could allow remote attackers to execute arbitrary shell commands with root privileges. This vulnerability, identified as CVE-2025-13087, has a CVSS v4 score of 7.5, indicating a significant risk to affected systems.

Impact: Affected products include GRV-EPIC-PR1 and GRV-EPIC-PR2 (Firmware versions prior to 4.0.3), groov RIO GRV-R7-MM1001-10, GRV-R7-MM2001-10, and GRV-R7-I1VAPM-3 (all with Firmware versions prior to 4.0.3). Vendor: Opto 22.
Remediation: Opto 22 has published a patch to address this vulnerability. Users are recommended to upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional defensive measures include minimizing network exposure for control system devices, using firewalls, and employing secure remote access methods like VPNs.
CVEVulnerabilityPatchUpdateCritical
Read Original
Festo Didactic products

All CISA Advisories

The article details a critical vulnerability (CVE-2023-26293) in Festo Didactic products, specifically related to improper input validation in Siemens TIA-Portal versions V15 to V18, which could allow attackers to create or overwrite arbitrary files. With a CVSS v3.1 score of 7.8, this vulnerability poses significant risks to engineering systems and requires immediate attention from users to mitigate potential exploitation.

Impact: Affected products include Siemens TIA-Portal V15 prior to V17 Update 6, Siemens TIA-Portal V18 prior to V18 Update 1, all versions of Festo Hardware MES PC, and all versions of Festo Hardware TP260 (before June 2023). Vendor: Festo SE & Co. KG.
Remediation: Festo recommends users of affected devices to update TIA-Portal to the latest versions. Specifically, users should update to Siemens TIA-Portal V17 Update 6 or later and Siemens TIA-Portal V18 Update 1 or later. For further details, refer to Siemens SSA-116924 and Festo's security advisory FSA-202303.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
NHS Warns of PoC Exploit for 7-Zip Symbolic Link–Based RCE Vulnerability

The Hacker News

The NHS England Digital has issued a warning regarding a security vulnerability in 7-Zip, identified as CVE-2025-11001, which allows for remote code execution through symbolic links. Although no active exploitation has been observed, a public proof-of-concept exploit exists, raising concerns about potential future threats.

Impact: 7-Zip software, specifically versions affected by CVE-2025-11001.
Remediation: Users are advised to update to the latest version of 7-Zip to mitigate the risk associated with this vulnerability. Additionally, monitoring for any updates from the vendor regarding patches or security advisories is recommended.
CVEExploitVulnerabilityUpdateRCE
Read Original
CISA Adds One Known Exploited Vulnerability to Catalog

All CISA Advisories

Actively Exploited

CISA has added CVE-2025-13223, a Google Chromium V8 Type Confusion Vulnerability, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This vulnerability poses significant risks to federal enterprises, prompting CISA to urge timely remediation by all organizations to mitigate potential cyberattacks.

Impact: Google Chromium V8
Remediation: Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by the due date as per Binding Operational Directive (BOD) 22-01. Organizations are strongly urged to prioritize timely remediation of vulnerabilities listed in the KEV Catalog as part of their vulnerability management practices.
CVEVulnerability
Read Original
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

The Hacker News

CVE-2025-58034
Actively Exploited

Fortinet has issued a warning regarding a medium-severity vulnerability in FortiWeb, tracked as CVE-2025-58034, which has been actively exploited in the wild. The flaw, categorized as an OS Command Injection vulnerability, could allow authenticated attackers to execute arbitrary commands on affected systems.

Impact: FortiWeb
Remediation: Fortinet recommends that users apply available security patches and updates for FortiWeb to mitigate the risk associated with this vulnerability. Users should also review their authentication mechanisms and limit access to FortiWeb to trusted users only.
CVEVulnerability
Read Original
PreviousPage 8 of 8