Tag: CISA Known Exploitable Vulnerabilities Catalog
MongoDB Memory Disclosure Vulnerability Under Active Exploitation (CVE-2025-14847) (MongoBleed)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a MongoDB vulnerability to its Known Exploited Vulnerabilities Catalog, acknowledging the active exploitation of the vulnerability. CISA urges users to patch the vulnerability before January 19, 2026. Tracked as CVE-2025-14847, the vulnerability has a high severity rating with a CVSS score of 8.7. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to disclose sensitive data from the MongoDB server memory. The vulnerability …
Cisco Releases Fix for Actively Exploited Zero-day Vulnerability (CVE-2025-20393)
Cisco Talos discovered a cyberattack campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Tracked as CVE-2025-20393, the vulnerability may allow an attacker to execute arbitrary commands with root privileges on the underlying operating system of targeted appliances. The vulnerability has a critical severity rating with a …
Apple Warns of Zero-day Vulnerability Exploited in Attack (CVE-2025-43529)
Apple issued security updates for iOS, iPadOS, macOS, and its Safari web browser to address a vulnerability being exploited in the wild. Tracked as CVE-2025-43529, the use-after-free vulnerability exists in WebKit. Processing maliciously crafted web content may lead to arbitrary code execution. The vulnerability was addressed with improved memory management. Apple is aware of active exploitation of the vulnerability in a highly sophisticated attack targeting specific, high-profile individuals on iOS versions before iOS 26.
CISA Warns Actively Exploited GeoServer Unauthenticated XML XXE Vulnerability (CVE-2025-58360)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OSGeo GeoServer vulnerability to its Known Exploited Vulnerabilities Catalog, acknowledging the active exploitation of the vulnerability. Tracked as CVE-2025-58360, the vulnerability has a high severity rating with a CVSS score of 8.2. Successful exploitation of the vulnerability may allow an attacker to retrieve arbitrary files from the server’s file system. GeoServer is an open-source server software written …
Google Patches Zero-day Vulnerability Exploited in Attack (CVE-2025-14174)
Google has issued urgent updates to address another Chrome zero-day vulnerability that is actively being exploited in the wild, making it the eighth security flaw fixed since the beginning of the year.
Fortinet Addresses Critical Vulnerabilities Impacting Multiple Fortinet Products (CVE-2025-59718 & CVE-2025-59719)
Fortinet releases fixes to address two critical vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Tracked as CVE-2025-59718 and CVE-2025-59719, both vulnerabilities have a CVSS score of 9.1. Successful exploitation of the vulnerabilities could lead to improper access control.
Fortinet FortiWeb Zero-day Vulnerability Exploited in the Wild (CVE-2025-64446)
Threat actors are exploiting a zero-day vulnerability, CVE-2025-64446, that has been discovered in Fortinet’s FortiWeb web application firewall product. Successful exploitation of this new vulnerability allows an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. FortiGuard mentioned in the advisory that they are aware of the active exploitation …
Microsoft Patch Tuesday, November 2025 Security Update Review
Microsoft released its November Patch Tuesday Security Updates. Here’s a quick breakdown of what you need to know. This month’s release addresses 68 vulnerabilities, including five critical and 59 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed a zero-day vulnerability that was being exploited in the wild. Microsoft has addressed five vulnerabilities in Microsoft …
Adobe Magento Improper Input Validation Vulnerability Exploited in Attack (CVE-2025-54236)
Security experts from e-commerce security firm Sansec have discovered that threat actors are actively exploiting a vulnerability in Adobe Commerce and Magento Open-Source platforms. Tracked as CVE-2025-54236, the vulnerability has a critical severity rating with a CVSS score of 9.1. The vulnerability originates from improper input validation and could allow attackers to hijack customer accounts …
Microsoft Patch Tuesday, October 2025 Security Update Review
As cybersecurity threats evolve, Microsoft’s October 2025 Patch Tuesday delivers one of the most comprehensive security updates of the year. Here’s a quick breakdown of what you need to know. This month’s release addresses a staggering 193 vulnerabilities, including nine critical and 123 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed six zero-day vulnerabilities. …