RSS Parrot

2025-017: Critical Vulnerabilitites in Microsoft Products

https://cert.europa.eu/publications/security-advisories/2025-017/

Published: April 11, 2025 21:23

On 8 April 2025, Microsoft released fixes addressing more than 100 vulnerabilities in various Microsoft products, 11 of which are rated as Critical. It is recommended updating as soon as possible, prioritising critical devices and public facing assets.

2025-016: Critical Vulnerability in Ivanti Products

https://cert.europa.eu/publications/security-advisories/2025-016/

Published: April 3, 2025 16:57

On April 4, 2025, Ivanti released a security advisory regarding a critical vulnerability affecting their products. The vulnerability is known to be exploited in the wild. The vulnerability has been fixed in the February 2025 release and was initially…

2025-015: Critical vulnerability in CrushFTP

https://cert.europa.eu/publications/security-advisories/2025-015/

Published: April 3, 2025 16:55

In April 2025, information about an easy-to-exploit critical vulnerability affecting CrushFTP was made public. It is recommended updating affected server as soon as possible. Proof of concepts are available, and the vulnerability is being exploited in the…

2025-014: Critical Vulnerability in Apache Tomcat

https://cert.europa.eu/publications/security-advisories/2025-014/

Published: April 3, 2025 16:55

On March 10, 2025, Apache released a security advisory regarding a critical vulnerability affecting the Apache Tomcat product. It is recommended updating the affected assets to a fixed version of Apache Tomcat.

2025-013: Remote Code Execution Vulnerability in Splunk

https://cert.europa.eu/publications/security-advisories/2025-013/

Published: March 27, 2025 20:20

On March 26, 2025, Splunk released a security advisory addressing a vulnerability in Splunk Enterprise and Splunk Cloud Platform that allows low-privileged users to perform Remote Code Execution (RCE). It is recommended updating as soon as possible.

2025-012: Critical Vulnerabilities in Kubernetes Ingress-NGINX

https://cert.europa.eu/publications/security-advisories/2025-012/

Published: March 25, 2025 19:54

On March 24, 2025, Wiz Research disclosed a set of critical Remote Code Execution vulnerabilities in the Ingress-NGINX Controller for Kubernetes. The vulnerabilities CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974 can be exploited to gain…

2025-011: Critical Vulnerabilities in Gitlab

https://cert.europa.eu/publications/security-advisories/2025-011/

Published: March 14, 2025 17:03

On March 13, 2025, GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), addressing nine vulnerabilities, including two critical severity flaws in the "ruby-saml" library used for SAML Single Sign-On (SSO) authentication.…

2025-010: Critical Vulnerability in Cisco IOS XR Software

https://cert.europa.eu/publications/security-advisories/2025-010/

Published: March 14, 2025 17:02

On March 13, 2025, CISCO released an advisory regarding a critical vulnerability identified in Cisco’s IOS XR Software. It is recommended updating affected assets as soon as possible.

2025-009: Critical Vulnerabilities in Windows Remote Desktop Services

https://cert.europa.eu/publications/security-advisories/2025-009/

Published: March 14, 2025 17:01

On March 13, Microsoft has released its March security update, addressing 57 vulnerabilities across its product range, including six critical flaws. Among the critical vulnerabilities are CVE-2025-24035 and CVE-2025-24045, both Remote Code Execution (RCE)…

2025-008: High Vulnerabilities in Fortinet Products

https://cert.europa.eu/publications/security-advisories/2025-008/

Published: March 14, 2025 17:00

On March 11, 2025, Fortinet released several security advisories addressing 18 vulnerabilities ranging from low to high severity. It is recommended updating as soon as possible.