Category: CVE Vulnerabilities

  • Multiple Vulnerabilities in CPSD CryptoPro Secure Disk for BitLocker Allow Root Access and Credential Theft

    Multiple vulnerabilities have been discovered in CryptoPro Secure Disk (CPSD) for BitLocker, a widely used encryption solution. These flaws could allow an attacker with physical access to a device to gain persistent root access and steal sensitive credentials. The issues…

  • Critical AVEVA Software Vulnerabilities Enable Remote Code Execution Under SYSTEM Privileges

    Seven vulnerabilities were disclosed on January 13, 2026, in AVEVA Process Optimization (formerly ROMeo) 2024.1 and earlier. The most severe is a critical flaw that lets unauthenticated attackers achieve remote code execution under SYSTEM privileges, posing an immediate…

  • Critical InputPlumber Vulnerabilities Allow UI Input Injection and Denial-of-Service

    Critical vulnerabilities in InputPlumber, a Linux input device utility used in SteamOS, could allow attackers to inject UI inputs and cause denial-of-service conditions on affected systems. SUSE researchers reported the flaws, tracked as CVE-2025-66005 and CVE-2025-14338, which affect InputPlumber versions before v0.69.0 and stem from inadequate D-Bus authorization. InputPlumber combines…

  • Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges

    Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025. The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474, allow authorized attackers with low-level privileges to gain SYSTEM-level access on affected systems. CVE-2025-62472 stems from the use of uninitialized…

  • Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code and Bypass Security

    Critical security updates for Acrobat and Reader are available, addressing multiple vulnerabilities that could allow attackers to execute arbitrary code and bypass essential security features. Adobe issued security bulletin APSB25-119 on December 9, 2025, with a priority rating of 3, affecting both Windows and macOS…

  • Splunk Enterprise Vulnerabilities Allow Privilege Escalation Via Incorrect File Permissions

    High-severity vulnerabilities have been disclosed in Splunk Enterprise and Universal Forwarder for Windows, stemming from incorrect file permissions set during installation and upgrades. The flaws, tracked as CVE-2025-20386 for Splunk Enterprise and CVE-2025-20387 for Universal Forwarder, allow non-administrator users to access sensitive…

  • Multiple Django Vulnerabilities Enable SQL Injection and Denial-of-Service Attacks

    The Django development team has released security updates addressing two significant vulnerabilities in the popular web framework, rated high and moderate severity. They could allow attackers to compromise database integrity or crash servers through resource exhaustion. The most critical flaw,…

  • HashiCorp Vault Vulnerability Allows Attackers to Authenticate to Vault Without Valid Credentials

    A critical security flaw has been discovered in HashiCorp's Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials. The vulnerability, tracked as CVE-2025-13357, affects organizations using LDAP authentication with Vault. The security issue stems from an…

  • Critical SolarWinds Serv-U Vulnerabilities Let Attackers Execute Malicious Code Remotely as Admin

    SolarWinds has released security patches addressing three critical remote code execution vulnerabilities in Serv-U that could allow attackers with administrative privileges to execute arbitrary code on affected systems. The vulnerabilities, disclosed in the Serv-U version 15.5.3 release, pose significant risks to organizations that rely on…

  • CISA Warns of WatchGuard Firebox Out-of-Bounds Write Vulnerability Exploited in Attacks

    The Cybersecurity and Infrastructure Security Agency (CISA) has released a warning about a serious vulnerability affecting WatchGuard Firebox security appliances. This flaw, tracked as CVE-2025-9242, potentially allows remote attackers to take control of affected systems. The security issue involves an out-of-bounds write in the device's operating…

  • Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly

    A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests. The flaw, tracked as CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a denial-of-service condition that forces…