Overview A high-severity denial-of-service (DoS) vulnerability, identified as CVE-2025-54848, has been discovered in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. This vulnerability allows an unauthenticated attacker to disrupt the availability of the device by sending a specially crafted series of network requests. Technical Details The vulnerability resides in how the Socomec DIRIS Digiware M-70 handles specific Modbus TCP messages related to configuration changes. An attacker can trigger a denial-of-service condition by sending the following sequence of Modbus TCP messages to port 502 using the Write Single Register function code (6): A…
-
-
Overview A critical security vulnerability, identified as CVE-2025-3500, has been discovered in Avast Antivirus version 25.1.981.6 running on Windows operating systems. This vulnerability, stemming from an integer overflow or wraparound, could allow an attacker to escalate their privileges to a higher level, potentially gaining control of the affected system. The vulnerability affects Avast Antivirus versions from 25.1.981.6 before version 25.3. Technical Details The vulnerability resides in how Avast Antivirus handles certain input sizes. Specifically, an integer overflow occurs when the size of a data structure is incorrectly calculated. When this overflow happens, it allows an attacker to write outside the…
-
Overview CVE-2025-26858 is a high-severity buffer overflow vulnerability affecting the Modbus TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. This vulnerability allows an unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted network packets to the device. The vulnerability was published on 2025-12-01. Technical Details The vulnerability resides in the handling of Modbus TCP requests within the Socomec DIRIS Digiware M-70 1.6.9. A specifically crafted sequence of network packets can trigger a buffer overflow, overwriting critical memory regions and causing the device to crash or become unresponsive. The vulnerability is exploitable because the device doesn’t properly…
-
Overview CVE-2025-23417 is a high-severity denial of service (DoS) vulnerability affecting Socomec DIRIS Digiware M-70 version 1.6.9. The vulnerability resides within the Modbus RTU over TCP functionality of the device. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted network packet, leading to a denial of service condition. Technical Details The vulnerability stems from improper handling of specific network packets within the Modbus RTU over TCP implementation. By sending a malformed or unexpected packet, an attacker can cause the DIRIS Digiware M-70 device to crash or become unresponsive. The lack of authentication required to trigger the vulnerability…
-
Overview CVE-2025-20085 describes a high-severity denial-of-service (DoS) vulnerability affecting the Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 version 1.6.9. A specially crafted network packet can be sent to the device, leading to a denial of service and potentially weakening credentials, causing the device to revert to default, documented credentials. Technical Details The vulnerability resides in the handling of Modbus RTU over TCP requests. An unauthenticated attacker can send a malformed packet to the DIRIS Digiware M-70 device. This crafted packet exploits a weakness in the parsing or processing of the Modbus request, causing the device to crash…
-
Overview CVE-2025-13829 identifies a critical Incorrect Authorization vulnerability affecting Data Illusion Zumbrunn NGSurvey. This flaw allows any authenticated user within the system to potentially obtain the private and sensitive information of other users. This unauthorized access poses a significant risk to user privacy and the overall security of the NGSurvey platform. Published on 2025-12-01T16:15:51.690, this vulnerability highlights the importance of robust access control mechanisms in web applications. Technical Details The vulnerability stems from a flaw in the authorization logic of NGSurvey. Specifically, the system fails to properly validate user permissions when accessing certain API endpoints. This allows an attacker, after…
-
Overview CVE-2025-11699 is a critical session hijacking vulnerability affecting nopCommerce, a popular open-source e-commerce platform. Specifically, versions 4.70 and prior, as well as version 4.80.3, fail to properly invalidate session cookies after a user logs out or their session terminates. This oversight allows an attacker in possession of a valid session cookie to gain unauthorized access to privileged endpoints, such as the administrative panel (/admin), even after the legitimate user has logged out. Any version above 4.70 that is not 4.80.3 fixes the vulnerability. Technical Details The vulnerability stems from a lack of proper session management within nopCommerce. When a…
-
Overview A high-severity vulnerability, identified as CVE-2025-10101, has been discovered in Avast Antivirus for MacOS. This vulnerability is a heap-based buffer overflow, out-of-bounds write that can potentially allow for local execution of code or a denial-of-service (DoS) condition affecting antivirus protection. This issue affects Avast Antivirus versions from 15.7 up to, but not including, version 3.9.2025. Technical Details The vulnerability stems from improper handling of a crafted Mach-O file by the Avast Antivirus engine. Specifically, the parsing of this specially crafted file triggers a heap-based buffer overflow. When processing the malicious Mach-O file, the application writes data beyond the allocated…
-
Cybersecurity has become a critical foundation for every organization whether it is a small business, enterprise, fintech company, healthcare provider, SaaS platform, or eCommerce brand. With the increasing frequency of data breaches, ransomware attacks, insider threats, and cloud misconfigurations, businesses must rely on structured cybersecurity services to protect data, maintain compliance, and ensure operational continuity. In this article, I am providing you a comprehensive overview of cybersecurity services, their importance, business benefits, and the essential tools used across the industry. 1. What Are Cybersecurity Services? Cybersecurity services are structured security functions, practices, and technical solutions designed to protect an organization’s…
-
Overview A high-severity Cross-Site Request Forgery (CSRF) vulnerability, identified as CVE-2024-53684, has been discovered in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 version 1.6.9. This vulnerability allows an attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to significant security breaches. Technical Details The vulnerability exists due to insufficient CSRF protection within the WEBVIEW-M component. An attacker can craft a malicious HTML page containing requests that, when visited by an authenticated user, will be executed by the user’s browser as if they originated from the user themselves. This allows the attacker to potentially modify settings,…