#OT #Advisory VDE-2025-026
AUMA Riester: Buffer overflow in service telegram
Sending too much data in the service telegram of AUMA actuators leads to a buffer overflow in the actuator controls. Depending on the actuator, the service telegram is transmitted either via Bluetooth or RS232
#CVE CVE-2025-3496
https://certvde.com/en/advisories/VDE-2025-026
#CSAF https://auma.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-026.json
setuid root screen is a gift that just keeps on giving…
#CVE #CVE_2025_23395 #InfoSec #Linux #OpenSource
https://security.opensuse.org/2025/05/12/screen-security-issues.html
Oh my. I...I thought that was a spoof pic. I should know better by now. *sigh*
https://www.theregister.com/2025/05/12/cisa_vulnerabilities_updates_x/
brb updating some #CVE references https://infosec.exchange/@harrysintonen/114494280008048233
Users of #Tunnelblick #VPN client for #macOS should patch their installation immediately #CVE
https://tunnelblick.net/cCVE-2025-43711.html
Lambda Watchdog CVE Report
Latest AWS Lambda image scan detected 6 CVEs across 25 images:
• 
Critical: 0
• 
High: 3
• 
Medium: 3
• 
Low: 0
Check the full report 
https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless
Vulnerability management alarm: The CVE Program needs long-term stability 
The U.S. government’s 11-month funding extension buys only short-term relief
A new independent nonprofit—founded by experts and former CVE Board members—has launched to ensure continuity
Disruptions in CVE cataloging ripple across training, threat intelligence, and incident response
Without a trusted, transparent governance model, defenders lose their shared language and edge
It’s time to embed durable funding, clear oversight, and multi-stakeholder stewardship into CVE’s future
How is your organization preparing for a world where CVE IDs remain reliable?
#CVE #CyberSecurity #Governance #VulnerabilityManagement #Infosec
https://www.helpnetsecurity.com/2025/05/06/cve-program-foundation/
Lambda Watchdog CVE Report
Latest AWS Lambda image scan detected 6 CVEs across 25 images:
• Critical: 0
• High: 3
• Medium: 3
• Low: 0
Check the full report https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless
Wrote a stupidly simple hacky 40 line PHP script to poll CVE for apps I use and email me once a day for any new CVE that pop up. This is where someone says “you know there’s an api for that?”
Lambda Watchdog CVE Report
Latest AWS Lambda image scan detected 6 CVEs across 25 images:
• Critical: 0
• High: 3
• Medium: 3
• Low: 0
Check the full report https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless
Btw if you agree that the USG should no longer be the sole funder of #CVE, I have an open letter to Congress that you’re welcome to sign.
https://resist.bot/petitions/PWDDUS
@resistbot is easy and fun to use.
Oh, the US government wouldn’t consider turning off the #CVE databse! It’s critical cybersecurity infrastructure!
#NOAA has entered the chat: https://www.cnn.com/2025/05/08/climate/noaa-ends-disaster-database
Don’t think it can’t happen here, too.
Lambda Watchdog CVE Report
Latest AWS Lambda image scan detected 6 CVEs across 25 images:
• Critical: 0
• High: 3
• Medium: 3
• Low: 0
Check the full report https://lambdawatchdog.com/
#AWS #Lambda #CVE #CloudSecurity #Serverless
794 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of April 28, 2025
https://cisa.gov/news-events/bulletins/sb25-125
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
Radware Cloud WAF flaws let attackers bypass filters. Learn about CVE-2024-56523 & 56524 and secure your systems now.
#SecurityLand #CyberWatch #SecurityVulnerability #CVE #Radware #Cloud #WAF
Read More: https://www.security.land/critical-security-flaws-in-radware-cloud-waf-risk-filter-bypass-patch-now/
Cisco issues emergency alert: A critical vulnerability (CVSS 10.0) in IOS XE Wireless Controller risks root access. Learn mitigation steps now.
#SecurityLand #CyberWatch #SecurityVulnerability #CVE #IOSXE #Cisco #WirelessController
A severe SQL injection vulnerability (CVE-2025-46337) has been discovered in the ADOdb PostgreSQL driver. Developers using PHP + PostgreSQL must update to version 5.22.9 immediately to stay secure.
#SecurityLand #CyberWatch #SecurityVulnerability #CVE #ADOdb #PostgreSQL #PHP #SQLInjection
Read More: https://www.security.land/critical-sql-injection-vulnerability-found-in-adodb-postgresql-driver/
Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟭 - 𝗧𝗵𝗼𝘂𝗴𝗵𝘁𝘀 𝗔𝗳𝘁𝗲𝗿 𝗖𝗼𝗺𝗺𝗲𝗻𝘁𝘀 to the 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗝𝗮𝗶𝗹𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 article.
https://vermaden.wordpress.com/2025/04/11/freebsd-jails-security/
Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟭 - 𝗧𝗵𝗼𝘂𝗴𝗵𝘁𝘀 𝗔𝗳𝘁𝗲𝗿 𝗖𝗼𝗺𝗺𝗲𝗻𝘁𝘀 to the 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗝𝗮𝗶𝗹𝘀 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 article.
https://vermaden.wordpress.com/2025/04/11/freebsd-jails-security/
Schöner Vortrag von @TimPhSchaefers zu einer Path Traversal Lücke (CVE-2025-43928) in Überwachungstechnik und die Odyssee den Hersteller zur Behebung zu bewegen.
