Activity

Latest CVE events and analysis as they emerge

  1. CVE-2025-38352

    23 Dec 2025, 18:17

    Linux Kernel

    Trended on social media

    Hype increased to 30

    CVE-2025-38352 is a vulnerability that exists in the Linux kernel, specifically within the handling of POSIX CPU timers. The vulnerability stems from a race condition between `handle_posix_cpu_timers()` and `posix_cpu_timer_del()`. This race condition can occur when a non-autoreaping task that is exiting has already passed `exit_notify()` and calls `handle_posix_cpu_timers()` from an interrupt request (IRQ). If a concurrent `posix_cpu_timer_del()` runs at the same time, it might not detect that `timer->it.cpu.firing != 0`, which can cause `cpu_timer_task_rcu()` and/or `lock_task_sighand()` to fail. This vulnerability can be exploited to gain elevated privileges on Android devices.

  2. CVE-2025-68613

    22 Dec 2025, 16:17

    n8n

    Trended on social media

    Hype increased to 30

    CVE-2025-68613 is a Remote Code Execution (RCE) vulnerability found in n8n, an open-source workflow automation platform. The vulnerability exists in versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0. It stems from the workflow expression evaluation system, where expressions supplied by authenticated users during workflow configuration might be evaluated in an execution context lacking sufficient isolation from the underlying runtime. An authenticated attacker could exploit this vulnerability to execute arbitrary code with the privileges of the n8n process. Successful exploitation could lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. The issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0.

  3. CVE-2023-52163

    22 Dec 2025, 00:00

    Added to CISA KEV catalog

    Vulnerability name: Digiever DS-2105 Pro Missing Authorization Vulnerability
    Product: Digiever DS-2105 Pro

    Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

  4. CVE-2025-14733

    19 Dec 2025, 00:00

    WatchGuard Fireware OS

    Added to CISA KEV catalog

    Vulnerability name: WatchGuard Firebox Out of Bounds Write Vulnerability
    Product: WatchGuard Firebox

    CVE-2025-14733 is a zero-day vulnerability affecting WatchGuard Firebox firewall appliances. It is an out-of-bounds write flaw in the `iked` process, which handles IKEv2 VPN negotiations. This vulnerability allows remote, unauthenticated attackers to execute arbitrary code and seize control of affected devices. The vulnerability impacts Firebox appliances configured for Mobile User VPNs using IKEv2 or Branch Office VPNs using IKEv2 with a dynamic gateway peer. By sending a specially crafted request to the firewall, an attacker can trigger a memory corruption error, leading to arbitrary code execution. Even if a vulnerable VPN configuration was previously deleted, the device may still be at risk if a static branch office VPN remains configured.

  5. CVE-2025-20393

    18 Dec 2025, 09:17

    Cisco Secure Email Gateway

    Trended on social media

    Hype increased to 31

    CVE-2025-20393 is an improper input validation vulnerability that affects Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected appliance. Specifically, the vulnerability is triggered when the Spam Quarantine feature is exposed to the internet. Attackers have been observed exploiting this vulnerability in the wild to install backdoors (like AquaShell and AquaTunnel) and tools for log manipulation (like AquaPurge) and traffic proxying (Chisel). CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog.

  6. CVE-2025-59719

    17 Dec 2025, 09:17

    Fortinet FortiWeb

    Trended on social media

    Hype increased to 30

    CVE-2025-59719 is a vulnerability affecting Fortinet FortiWeb versions 8.0.0, 7.6.0 through 7.6.4, and 7.4.0 through 7.4.9. It stems from an improper verification of cryptographic signatures. This vulnerability could allow an unauthenticated attacker to bypass the FortiCloud Single Sign-On (SSO) login authentication. This can be achieved by sending a crafted Security Assertion Markup Language (SAML) response message to the targeted appliance.

  7. CVE-2025-59718

    17 Dec 2025, 03:17

    Fortinet FortiOS

    Trended on social media

    Hype increased to 30

    CVE-2025-59718 is a vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager. It stems from an improper verification of cryptographic signatures, which could allow an unauthenticated attacker to bypass FortiCloud Single Sign-On (SSO) login authentication. This bypass is possible through a crafted Security Assertion Markup Language (SAML) message, but only if the FortiCloud SSO login feature is enabled on the device. The FortiCloud SSO login feature is not enabled by default in factory settings. However, it becomes enabled when an administrator registers the device with FortiCare via the GUI, unless the administrator specifically disables the "Allow administrative login using FortiCloud SSO" option during registration.

  8. CVE-2025-59374

    17 Dec 2025, 00:00

    ASUS Live Update

    Added to CISA KEV catalog

    Vulnerability name: ASUS Live Update Embedded Malicious Code Vulnerability
    Product: ASUS Live Update

    CVE-2025-59374 refers to a vulnerability affecting certain versions of the ASUS Live Update client, which were distributed with unauthorized modifications due to a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. This vulnerability is related to a supply chain attack, known as Operation ShadowHammer, where an advanced persistent threat (APT) group breached ASUS servers between June and November 2018. The attackers implanted malicious code, targeting a small group of users identified by their network adapter's MAC addresses. Although the issue was fixed in version 3.6.8, the Live Update client reached end-of-support on December 4, 2025.

  9. CVE-2025-20393

    17 Dec 2025, 00:00

    Cisco Secure Email Gateway

    Added to CISA KEV catalog

    Vulnerability name: Cisco Multiple Products Improper Input Validation Vulnerability
    Product: Cisco Multiple Products

    CVE-2025-20393 is an improper input validation vulnerability that affects Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected appliance. Specifically, the vulnerability is triggered when the Spam Quarantine feature is exposed to the internet. Attackers have been observed exploiting this vulnerability in the wild to install backdoors (like AquaShell and AquaTunnel) and tools for log manipulation (like AquaPurge) and traffic proxying (Chisel). CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog.