Executive Summary On March 4, 2025, three critical VMware ESXi vulnerabilities were exploited in VMware products. This includes CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, all involved ...
Posts for category: Vulnerabilities Weekly Summaries
Executive Summary A critical vulnerability, CVE-2025-27364, targets MITRE Caldera. It allows for the execution of remote code without authentication. Patches have been made for all affected ...
Exploitation of Palo Alto Networks–CVE-2025-108
Executive Summary On February 12, 2025, a critical authentication bypass vulnerability, CVE-2025-0108, was discovered in Palo Alto’s PAN-OS. With a common vulnerability score of 8.8, the ...
Zero Day 7-Zip Vulnerability exploited to target Ukrainian Organizations
Executive Summary On October 1, 2024, a severe vulnerability was discovered in 7-Zip. The weakness allows homoglyph attacks by circumventing the Mark-of-the-Web (MOTW) security mechanism. This zero ...
Windows NTLM v1 Elevation of Privilege Vulnerability
Executive Summary On January 13, 2025, a critical elevation of privilege vulnerability, CVE-2025-21311, was discovered in the NTLMv1 authentication protocol used by Windows. This vulnerability ...
Executive Summary On January 14, 2025, a critical Remote Code Execution (RCE) vulnerability, CVE-2025-21298, affected the Windows Object Linking and Embedding (OLE). This vulnerability involves ...
Subaru’s STARLINK Vulnerability
Executive Summary On November 20, 2024, a vulnerability was discovered in Subaru’s STARLINK vehicle service. This gave unauthorized access to sensitive user data such as Personally Identifiable ...
CVE-2014-2120 Exploited a Decade Later
Executive Summary On December 2, 2024 CISCO disclosed on their security advisory page that a vulnerability first discovered on March 18, 2014 was actively being exploited in the wild. The ...
Oracle Agile PLM Vulnerability
Executive Summary On November 18, 2024 Oracle disclosed in a security advisory that they had discovered a vulnerability in their Agile Product Lifecycle Management (PLM) Framework. The ...
HPE Critical RCE Vulnerability
Executive Summary On November 11, 2024, Hewlett Packard Enterprise (HPE) released a security patch to address several critical vulnerabilities impacting their Aruba Networking Access Point ...