Skip to content

CVE

Zero Auth, Full Control: Inside the Critical vBulletin CVE-2025-48827

Zero-day vulnerabilities are a serious threat to organizations all over the world in the consistently elevating field of cybersecurity. Recently, a critical vulnerability known as CVE-2025-48827 surfaced, leaving systems vulnerable to privilege escalation alongside remote code execution (RCE) attacks. This blog post provides an in-depth analysis of the vulnerability, a step-by-step exploitation guide, and actionable… Read More »Zero Auth, Full Control: Inside the Critical vBulletin CVE-2025-48827

Weekly Report: New Hacking Techniques and Critical CVEs June 18–June 25, 2025

This week’s intelligence reveals an escalation in targeted exploitation of emerging software flaws, novel stealthy attack techniques leveraging legitimate infrastructure, and politically driven data leaks orchestrated via dark web channels. Three high-severity vulnerabilities—affecting Langflow AI servers, Citrix NetScaler appliances, and default Linux configurations—have been weaponized in the wild. Attackers are also innovating with JavaScript-based credential… Read More »Weekly Report: New Hacking Techniques and Critical CVEs June 18–June 25, 2025

Understanding CVE-2025-34028, Commvault’s Critical Pre-Auth RCE Vulnerability

In April 2025, a critical pre-auth Remote Code Execution vulnerability, CVE-2025-34028, was discovered in Commvault Command Center. This vulnerability allows attackers to achieve remote code execution without authentication by exploiting an Server-Side Request forgery (SSRF) and a path traversal issue that enables uploading and executing malicious ZIP files. With a CVSS score of 10.0, this… Read More »Understanding CVE-2025-34028, Commvault’s Critical Pre-Auth RCE Vulnerability

Critical Ivanti Vulnerability CVE-2025-22457: What You Need to Know

A critical remote code execution (RCE) vulnerability (CVE-2025-22457) was found in Ivanti’s Connect Secure (ICS), Policy Secure, Pulse Connect Secure (PCS), and ZTA Gateways in April 2025. This vulnerability enables unauthenticated attackers to run arbitrary code on affected devices by utilising a stack-based buffer overflow in the X-Forwarded-For http request header. According to threat intelligence… Read More »Critical Ivanti Vulnerability CVE-2025-22457: What You Need to Know

Critical Apache Tomcat Vulnerability: CVE-2025-24813 Enables RCE – Are You Vulnerable?

A Critical vulnerability, CVE-2025–24813, was discovered in Apache Tomcat, a widely used open-source Java servlet container. This vulnerability stems from improper handling of path normalization, allowing attackers to bypass security controls and achieve Remote Code Execution (RCE). With a high severity rating, this vulnerability poses a significant risk to organizations using affected versions of Apache… Read More »Critical Apache Tomcat Vulnerability: CVE-2025-24813 Enables RCE – Are You Vulnerable?

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.