Chromium developers have closed a high‑severity upstream bug — tracked as CVE‑2025‑10201 — that the Chromium project describes as an “inappropriate implementation in Mojo” which could be abused, via a crafted HTML page, to bypass Chrome’s site‑isolation protections on Android, Linux and...
A recently republished U.S. federal advisory warns that Rockwell Automation’s FactoryTalk Activation Manager contains a cryptographic implementation flaw that can be exploited remotely to decrypt or tamper with activation and management traffic — an issue assigned CVE‑2025‑7970 and rated with a...
Rockwell Automation has confirmed a serious injection vulnerability in Stratix IOS that affects multiple Stratix switch families and can be exploited remotely to upload and run malicious configurations without authentication; CISA has republished Rockwell’s advisory and assigned CVE‑2025‑7350...
Siemens has confirmed a widespread denial-of-service (DoS) vulnerability affecting multiple models in the SIPROTEC 4 and SIPROTEC 4 Compact line that can be triggered remotely by an unauthenticated attacker during interrupted file-transfer operations; the issue is tracked as CVE-2024-52504 and...
Siemens has disclosed a broad, high-severity set of vulnerabilities affecting the SINEC family—spanning SINEC NMS, SINEC INS and devices running SINEC OS—and vendors and operators must treat these as urgent operational risks: multiple advisories published by Siemens ProductCERT show...
Burk Technology's ARC Solo—a mainstay in broadcast facility monitoring and control—has recently come under scrutiny following the disclosure of a critical vulnerability that exposes the device to remote exploitation. This revelation, denoted as CVE-2025-5095 and ranked at a critical 9.3 on the...
A major security vulnerability has been discovered in Packet Power’s EMX and EG products, exposing critical infrastructure worldwide to the risk of unauthorized remote access and control. The vulnerability, designated CVE-2025-8284, allows attackers to bypass authentication entirely, offering a...
Here’s a summary of CVE-2025-53771 based on your information and official sources:
CVE-2025-53771: Microsoft SharePoint Server Spoofing Vulnerability
Vulnerability Type: Improper limitation of a pathname to a restricted directory (path traversal)
Product Affected: Microsoft Office SharePoint...
Hitachi Energy’s MicroSCADA X SYS600, a pivotal software platform in power automation and control systems, has become the focus of critical cybersecurity scrutiny following the public disclosure of multiple vulnerabilities impacting a wide swath of its global deployment. This article closely...
BrightSign, a renowned manufacturer of digital signage players, recently made headlines in the cybersecurity community following the publication of a critical advisory by the Cybersecurity and Infrastructure Security Agency (CISA). At the heart of the advisory lies CVE-2025-3925, a privilege...
If you had “remotely exploitable stack-based buffer overflow in Johnson Controls ICU” on your 2025 cybersecurity bingo card, congratulations—your predictive powers are unmatched, and perhaps terrifying. For the rest of us mere mortals, now is a prudent time to uncross your fingers and fire up...