#cve-2025

Information security
from The Hacker News
3 days ago

Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Critical authentication-bypass and code-execution vulnerabilities fixed in Fortinet, Ivanti, and SAP products, including Fortinet SAML signature verification and Ivanti Endpoint Manager stored XSS.
Information security
from Techzine Global
1 month ago

Runtime behind Docker and Kubernetes contains three vulnerabilities

Three runC vulnerabilities allow container escape by manipulating mounts and symlinks, potentially enabling execution of root-level code on the host.
from SecurityWeek
2 months ago

OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks

Two of the vulnerabilities have been assigned a 'moderate severity' rating. One of them is CVE-2025-9231, which may allow an attacker to recover the private key. OpenSSL is used by many applications, websites and services for securing communications and an attacker who can obtain a private key may be able to decrypt encrypted traffic or conduct a man-in-the-middle (MitM) attack.
Information security
from The Hacker News
3 months ago

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

Four Commvault vulnerabilities (CVE-2025-57788/57789/57790/57791) enable unauthenticated or low-privilege remote code execution; fixes issued in 11.32.102 and 11.36.60.