Cybersecurity

Overview A high-severity stack-based buffer overflow vulnerability, identified as CVE-2025-60690, has been discovered in Linksys E1200 v2 routers running firmware version E1200_v2.0.11.001_us. This flaw allows unauthenticated remote attackers to potentially execute arbitrary code or cause a denial-of-service (DoS) condition on affected devices. Technical Details The vulnerability resides in the get_merge_ipaddr function within the httpd binary. … Read more

Overview This blog post details CVE-2025-20355, a medium-severity open redirect vulnerability affecting the web-based management interface of the Cisco Catalyst Center Virtual Appliance. This vulnerability could be exploited by an unauthenticated, remote attacker to redirect users to malicious web pages, potentially leading to phishing attacks or credential theft. Technical Details The vulnerability stems from improper … Read more

Overview CVE-2025-20353 details a cross-site scripting (XSS) vulnerability found within the web-based management interface of Cisco Catalyst Center. This vulnerability allows an unauthenticated, remote attacker to execute arbitrary script code within the browser of a user interacting with the affected interface. By tricking a user into clicking a specially crafted link, an attacker can potentially … Read more

Published: 2025-11-13T17:15:45.817 Overview A critical vulnerability, identified as CVE-2025-20349, has been discovered in the REST API of Cisco Catalyst Center (formerly DNA Center). This vulnerability could allow an authenticated, remote attacker to execute arbitrary commands within a restricted container as the root user, potentially leading to significant system compromise. Technical Details The vulnerability stems from … Read more

Overview CVE-2025-20346 describes a medium-severity vulnerability affecting Cisco Catalyst Center. This flaw allows a remote, authenticated attacker with read-only (Observer) privileges to perform actions that are intended only for Administrator-level accounts. Successful exploitation could lead to unauthorized modification of critical system policies. Technical Details The vulnerability stems from improper role-based access control (RBAC) implementation within … Read more

Overview CVE-2025-20341 is a high-severity vulnerability affecting the Cisco Catalyst Center Virtual Appliance. This vulnerability could allow an authenticated, remote attacker to elevate their privileges to Administrator on a vulnerable system. Exploitation allows unauthorized modifications, potentially including creating new user accounts or gaining complete control over the system. Technical Details The vulnerability stems from insufficient … Read more

Overview CVE-2025-13121 is a high-severity SQL Injection vulnerability discovered in cameasy LikeTea version 1.0.0. This vulnerability resides within the list function of the laravel/app/Http/Controllers/Front/StoreController.php file, specifically affecting the API Endpoint component. Successful exploitation allows remote attackers to inject arbitrary SQL commands, potentially leading to data breaches, modification, or denial of service. This vulnerability has been … Read more

Overview CVE-2025-11538 is a security vulnerability affecting Keycloak, a popular open-source identity and access management solution. This vulnerability arises when Keycloak’s debug mode is enabled without proper configuration. Specifically, the issue stems from the Java Debug Wire Protocol (JDWP) port binding to all network interfaces (0.0.0.0) by default when the –debug <port> flag is used. … Read more

Overview CVE-2025-64718 describes a prototype pollution vulnerability found in js-yaml, a popular JavaScript YAML parser and dumper. Specifically, versions 4.1.0 and below are susceptible to attacks where malicious YAML documents can modify the prototype of JavaScript objects during parsing. This can lead to various security implications, especially when parsing untrusted YAML data. Technical Details The … Read more

Overview CVE-2025-64717 describes a critical vulnerability in ZITADEL, an open-source identity management platform. This flaw allows for potential account takeovers by exploiting a bypass in the federated authentication process. Specifically, the vulnerability enables the auto-linking of users from external identity providers (IdPs) to existing ZITADEL user accounts, even when the IdP should be disabled or … Read more