CVE-2025-14106: Critical Command Injection Vulnerability in ZSPACE Q2C NAS Exposes Devices to Remote Attacks

A critical command injection vulnerability, identified as CVE-2025-14106, has been discovered in ZSPACE Q2C NAS devices up to version 1.1.0210050. This vulnerability allows a remote attacker to execute arbitrary commands on the affected system. The vendor was notified of the issue but has not yet responded. The exploit is publicly available, increasing the risk …

Critical RCE Vulnerability Patched in Google Apigee JavaCallout (CVE-2025-13426)

A critical vulnerability, identified as CVE-2025-13426, has been discovered in Google Apigee’s JavaCallout policy. This vulnerability allows for remote code execution (RCE), potentially enabling attackers to compromise systems and data within your Apigee environment. Google has released patches to address this issue in several Apigee hybrid and OPDK versions. Immediate action is recommended to …

GoAnywhere MFT: Bypass Alert! SFTP Access Control Vulnerability (CVE-2025-8148)

This article provides a detailed analysis of CVE-2025-8148, a medium-severity vulnerability affecting Fortra’s GoAnywhere MFT (Managed File Transfer) platform. This improper access control flaw in the SFTP service allows unauthorized access under specific circumstances, potentially leading to data breaches and security compromises.

Technical Details

CVE-2025-8148 resides in the SFTP service of GoAnywhere MFT versions …

CVE-2025-14105: Critical Denial of Service Vulnerability Discovered in TOZED ZLT M30S Routers

CVE-2025-14105 details a medium severity vulnerability affecting TOZED ZLT M30S and ZLT M30S PRO routers running firmware versions 1.47/3.09.06. This vulnerability allows an attacker within the local network to cause a denial-of-service (DoS) condition by manipulating a specific request to the router’s web interface. The vendor has been contacted but has not provided a …

Critical Vulnerability in BACnet Stack: CVE-2025-66624 Requires Immediate Attention

A high-severity vulnerability, identified as CVE-2025-66624, has been discovered in the BACnet Protocol Stack library. This library provides BACnet application layer, network layer, and media access (MAC) layer communication services. The vulnerability exists in versions prior to 1.5.0.rc2 and could lead to a Denial-of-Service (DoS) condition. This article provides a detailed analysis of the …

Strimzi Kafka Operator Vulnerability: CVE-2025-66623 Exposes Kubernetes Secrets

A high-severity vulnerability, identified as CVE-2025-66623, has been discovered in Strimzi, a Kubernetes Operator for running Apache Kafka. This vulnerability affects Strimzi versions 0.47.0 and prior to 0.49.1. It could allow Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands to gain unauthorized read access to all Kubernetes Secrets within the namespace where they …

Frappe LMS Security Flaw: CVE-2025-66581 Allows Privilege Escalation

A significant security vulnerability, identified as CVE-2025-66581, has been discovered in Frappe Learning Management System (LMS). This flaw, present in versions prior to 2.41.0, allowed authenticated users with low-level privileges to execute actions typically reserved for instructors or administrators. This privilege escalation was possible due to insufficient server-side authorization checks, relying instead on client-side …

CVE-2025-66577: cpp-httplib X-Forwarded-For Header Injection – A Log Poisoning Threat

CVE-2025-66577 is a medium severity vulnerability found in cpp-httplib, a C++11 single-file header-only cross-platform HTTP/HTTPS library. This vulnerability allows attackers to manipulate server-side logs by injecting malicious values into the X-Forwarded-For and X-Real-IP headers. Specifically, the get_client_ip() function in docker/main.cc unconditionally accepts these headers, leading to log poisoning and potential audit evasion.

Technical …

CVE-2025-66570: Critical Header Injection Vulnerability in cpp-httplib

CVE-2025-66570 identifies a critical vulnerability in cpp-httplib, a C++11 single-file header-only cross-platform HTTP/HTTPS library. This vulnerability allows attacker-controlled HTTP headers to influence server-visible metadata, logging, and authorization decisions. It has been assigned a CVSS score of 10, indicating its severity.

Technical Details

The vulnerability arises from how cpp-httplib handles incoming HTTP headers. An attacker …

CVE-2025-46603: Critical Authentication Bypass in Dell CloudBoost Virtual Appliance

CVE-2025-46603 is a high-severity vulnerability affecting Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior. This vulnerability stems from an improper restriction of excessive authentication attempts, potentially allowing an unauthenticated attacker with remote access to gain unauthorized access to the system.

Technical Details

The vulnerability resides in the authentication mechanism of the Dell CloudBoost Virtual …