Inside the Recently Disclosed Cisco IOS XE WLC Vulnerability CVE-2025-20188

Recently, Cisco revealed a critical vulnerability, CVE-2025-20188, in its IOS XE Wireless Controller Software, affecting version 17.12.03 and earlier. CVE-2025-20188 stems from an unauthenticated arbitrary file upload mechanism and is linked to a hard-coded JSON Web Token (JWT) in the system. This vulnerability impacts Cisco’s widely deployed Wireless LAN Controller (WLC), a core enterprise solution integrated …

Security Flaw Identified in Apache Tomcat CGI Servlet – CVE-2025-46701

The Apache Software Foundation has disclosed a new security vulnerability affecting multiple versions of Apache Tomcat. Tracked as CVE-2025-46701, the issue allows for a security constraint bypass under specific conditions, though it has been classified as a low severity risk. The flaw impacts Apache Tomcat versions 11.0.0-M1 to 11.0.6, 10.1.0-M1 to 10.1.40, and 9.0.0.M1 to …

Dell Issues Critical PowerStore T Security Update

Dell Technologies has rolled out a critical security update for its PowerStore T family of storage appliances, addressing multiple vulnerabilities that could leave systems exposed to exploitation. The update, detailed in Security Advisory DSA-2025-223, is rated as high impact and is strongly recommended for all users to apply without delay. What’s at stake? This update …

Critical Flaw in Microsoft OneDrive File Picker Exposing Millions of Users’ Data

Security researchers at Oasis Security have uncovered a significant vulnerability in Microsoft’s OneDrive File Picker, revealing that websites using the tool can gain access to a user’s entire OneDrive storage, not just the specific files intended for upload. This flaw, which affects hundreds of apps, including ChatGPT, Slack, Trello, and ClickUp, could impact millions of …

High Severity DoS Vulnerability CVE-2025-47947 Identified in ModSecurity2

A newly disclosed vulnerability in the ModSecurity2 firewall, tracked as CVE-2025-47947, has raised concerns over potential Denial of Service (DoS) attacks under specific, rare conditions. The issue was officially published on May 21, 2025, and is rated 7.5 (High) on the CVSS scale. The vulnerability was initially reported privately by a customer in March 2025. After …

Cisco Discloses Critical RADIUS Vulnerability CVE-2025-20152 in Identity Services Engine

Cisco has issued a high-severity security advisory for a vulnerability affecting its Identity Services Engine (ISE), warning that the flaw could allow unauthenticated remote attackers to trigger a denial of service (DoS) condition on affected devices. The vulnerability, tracked as CVE-2025-20152, stems from improper handling of certain RADIUS authentication requests within Cisco ISE, a widely …
