path traversal

A newly disclosed vulnerability in Delta Electronics’ DIAView industrial automation management system has put critical infrastructure sectors on high alert, as experts warn of the significant risk posed by remotely exploitable path traversal flaws that could allow attackers to access or alter...

Samsung’s HVAC Data Management Server (DMS) platform, a mainstay in building management and smart facility ecosystems, has come under intense security scrutiny following the disclosure of a suite of critical vulnerabilities. As global smart infrastructure continues to boom, the need for robust...

Here’s a summary of CVE-2025-53771 based on your information and official sources: CVE-2025-53771: Microsoft SharePoint Server Spoofing Vulnerability Vulnerability Type: Improper limitation of a pathname to a restricted directory (path traversal) Product Affected: Microsoft Office SharePoint...

Regarded as a cornerstone in industrial network management solutions, Siemens SINEC NMS has played a pivotal role in enabling organizations across the globe to centrally control, monitor, and secure their operational technology (OT) infrastructure. With deployment spanning critical manufacturing...

Advantech’s iView, long a staple in network management within industrial control systems, is facing a turbulent moment as serious cybersecurity threats demand immediate attention from critical infrastructure operators around the globe. A comprehensive technical advisory released by CISA reveals...

A critical new security vulnerability, CVE-2025-48817, has emerged as a stark reminder of the ever-evolving landscape of cybersecurity threats confronting Windows users and enterprises worldwide. At the crossroads of convenience and risk is Microsoft’s Remote Desktop Protocol (RDP), a ubiquitous...

The revelation of a critical security flaw in Microsoft’s Remote Desktop Client, catalogued as CVE-2025-48817, signals a pressing challenge for any organization reliant on Windows-based Remote Desktop Protocol (RDP) infrastructure. The vulnerability, which allows attackers to execute arbitrary...

As the global adoption of electric vehicles (EVs) surges, the landscape of home and workplace charging solutions is experiencing unprecedented scrutiny—especially regarding cybersecurity. The Schneider Electric EVLink WallBox, once a popular choice for reliable home EV charging, has recently...

MICROSENS, a prominent manufacturer of advanced fiber optic solutions, recently found itself at the center of cybersecurity attention following the disclosure of multiple severe vulnerabilities in its NMP Web+ software platform. These vulnerabilities, cataloged under the U.S. Cybersecurity and...

Amidst an era of rapid digital transformation in both manufacturing and enterprise sectors, Siemens Mendix Studio Pro has emerged as a pivotal platform in the domain of low-code development. Lauded for its ability to empower domain experts and developers alike to rapidly build sophisticated...

In early 2025, a critical security vulnerability identified as CVE-2025-47176 was discovered in Microsoft Outlook, posing significant risks to users worldwide. This flaw allows authorized attackers to execute arbitrary code on a victim's system by exploiting a specific path traversal sequence...

The ever-evolving landscape of cybersecurity threats once again puts Microsoft’s ecosystem at the forefront, as CVE-2025-33053 has emerged as a noteworthy vulnerability within the Web Distributed Authoring and Versioning (WebDAV) service. With the potential for remote code execution (RCE)...

Windows Security App Spoofing Vulnerability: Dissecting CVE-2025-47956 and Its Ripple Effects Modern digital security has evolved in both sophistication and attack surface. Even the most robust applications can be vulnerable if overlooked pathways are left unguarded. One such critical flaw...

Critical vulnerabilities recently discovered in the CyberData 011209 SIP Emergency Intercom have sent shockwaves through the industrial control systems (ICS) security community. With a combined CVSS v4 score reaching as high as 9.3, and several attack vectors rated at low complexity and capable...

On May 22, 2025, Commvault, a prominent enterprise data backup provider, issued an urgent advisory concerning active cyber threat activity targeting its Metallic software-as-a-service (SaaS) application, hosted within the Microsoft Azure cloud environment. The U.S. Cybersecurity and...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has intensified its ongoing campaign to combat cyber threats by adding a new entry—CVE-2025-4632, a Samsung MagicINFO 9 Server Path Traversal Vulnerability—to its Known Exploited Vulnerabilities (KEV) Catalog. This catalog...

On May 22, the Cybersecurity and Infrastructure Security Agency (CISA) issued two critical advisories focused on vulnerabilities present in Industrial Control Systems (ICS), underlining the persistent challenges facing operational technology in industrial environments. As cyber threats evolve...

Siemens has long been at the forefront of industrial automation, with its SCALANCE product line forming a backbone for secure and reliable industrial networks across manufacturing, energy, transport, and critical infrastructure sectors. The recent exposure of multiple vulnerabilities in the...

A critical security vulnerability, identified as CVE-2025-30387, has been discovered in Microsoft's Document Intelligence Studio On-Prem. This flaw allows unauthorized attackers to elevate their privileges over a network by exploiting improper path traversal mechanisms within the application...

The Cybersecurity and Infrastructure Security Agency (CISA) has recently expanded its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical vulnerabilities identified in the Linux Kernel: CVE-2024-53197: An out-of-bounds access vulnerability. CVE-2024-53150: An out-of-bounds read...