View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: IDIS Equipment: ICM Viewer Vulnerability: Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) 2. RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker executing arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following version of… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Survision Equipment: License Plate Recognition (LPR) Camera Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to fully access the system without requiring authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following… Read more

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-24893 XWiki Platform Eval Injection Vulnerability CVE-2025-41244 Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TropOS Vulnerabilities: OS Command Injection, Improper Privilege Management 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow command injections and privilege escalation. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports TropOS wireless devices are affected when… Read more

CISA released two Industrial Control Systems (ICS). These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-303-01 International Standards Organization ISO 15118-2 ICSA-25-303-02 Hitachi Energy TropOS  CISA encourages users and administrators to review newly released ICS Advisories for technical details and mitigations. Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.2 ATTENTION: Low Attack Complexity Standard: ISO 15118-2 Network and Application Protocol Requirements Equipment: EV Car Chargers Vulnerability: Improper Restriction of Communication Channel to Intended Endpoints 2. RISK EVALUATION Successful exploitation of this vulnerability could result in man-in-the-middle attacks. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ISO… Read more

Post Content Read more

Today, CISA, in partnership with the National Security Agency and international cybersecurity partners, released Microsoft Exchange Server Security Best Practices, a guide to help network defenders harden on-premises Exchange servers against exploitation by malicious actors. Threat activity targeting Exchange continues to persist, and organizations with unprotected or misconfigured Exchange servers remain at high risk of… Read more

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-6204 Dassault Systèmes DELMIA Apriso Code Injection Vulnerability CVE-2025-6205 Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.  Binding… Read more

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vertikal Systems Equipment: Hospital Manager Backend Services Vulnerabilities: Exposure of Sensitive System Information to an Unauthorized Control Sphere, Generation of Error Message Containing Sensitive Information 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain unauthorized access… Read more