<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Freedom Coder</title>
    <description>The latest articles on DEV Community by Freedom Coder (@freedom-coder).</description>
    <link>https://dev.to/freedom-coder</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3057520%2F80e0c6d9-1160-4c3a-9af3-cdf5c163c85b.png</url>
      <title>DEV Community: Freedom Coder</title>
      <link>https://dev.to/freedom-coder</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/freedom-coder"/>
    <language>en</language>
    <item>
      <title>CVE-2026-45659: Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Fri, 03 Jul 2026 15:20:22 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2026-45659-microsoft-sharepoint-server-deserialization-of-untrusted-data-vulnerability-55l5</link>
      <guid>https://dev.to/freedom-coder/cve-2026-45659-microsoft-sharepoint-server-deserialization-of-untrusted-data-vulnerability-55l5</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2026-45659&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Microsoft&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;SharePoint Server&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2026-07-01&lt;/li&gt;
&lt;li&gt;Due Date: 2026-07-04&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Unknown&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659" rel="noopener noreferrer"&gt;https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659&lt;/a&gt; ; BOD 26-04: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk&lt;/a&gt; ; Forensics Triage Requirements: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk&lt;/a&gt; ; &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2026-45659" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2026-45659&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>microsoft</category>
      <category>sharepointserver</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2023-4863: Google Chromium WebP Heap-Based Buffer Overflow Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Thu, 02 Jul 2026 08:30:05 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2023-4863-google-chromium-webp-heap-based-buffer-overflow-vulnerability-449j</link>
      <guid>https://dev.to/freedom-coder/cve-2023-4863-google-chromium-webp-heap-based-buffer-overflow-vulnerability-449j</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2023-4863&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Google Chromium WebP Heap-Based Buffer Overflow Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Google&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;Chromium WebP&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2023-09-13&lt;/li&gt;
&lt;li&gt;Due Date: 2023-10-04&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Unknown&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1" rel="noopener noreferrer"&gt;https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1&lt;/a&gt;; &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2023-4863" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-4863&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/ai-generated-browser-ransomware-abuses-chromium-api-on-windows-linux-macos-android/" rel="noopener noreferrer"&gt;AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>google</category>
      <category>chromiumwebp</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2022-41082: Microsoft Exchange Server Remote Code Execution Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Fri, 26 Jun 2026 21:37:08 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-3fi2</link>
      <guid>https://dev.to/freedom-coder/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-3fi2</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2022-41082&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Microsoft Exchange Server Remote Code Execution Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Microsoft&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;Exchange Server&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2022-09-30&lt;/li&gt;
&lt;li&gt;Due Date: 2022-10-21&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Known&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply updates per vendor instructions.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/" rel="noopener noreferrer"&gt;https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/&lt;/a&gt;;  &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2022-41082" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-41082&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/new-sharkloader-malware-deploys-cobalt-strike-in-strikeshark-cyberattacks/" rel="noopener noreferrer"&gt;New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>microsoft</category>
      <category>exchangeserver</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2022-40684: Fortinet Multiple Products Authentication Bypass Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Fri, 26 Jun 2026 21:36:07 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2022-40684-fortinet-multiple-products-authentication-bypass-vulnerability-2g2n</link>
      <guid>https://dev.to/freedom-coder/cve-2022-40684-fortinet-multiple-products-authentication-bypass-vulnerability-2g2n</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2022-40684&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Fortinet Multiple Products Authentication Bypass Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Fortinet&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;Multiple Products&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2022-10-11&lt;/li&gt;
&lt;li&gt;Due Date: 2022-11-01&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Known&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply updates per vendor instructions.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.fortiguard.com/psirt/FG-IR-22-377" rel="noopener noreferrer"&gt;https://www.fortiguard.com/psirt/FG-IR-22-377&lt;/a&gt;;  &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40684" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-40684&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/new-sharkloader-malware-deploys-cobalt-strike-in-strikeshark-cyberattacks/" rel="noopener noreferrer"&gt;New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/-thn-weekly-recap-top-cybersecurity-threats-tools-and-tips-27-january/" rel="noopener noreferrer"&gt;⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/15k-fortinet-device-configs-leaked-to-the-dark-web/" rel="noopener noreferrer"&gt;15K Fortinet Device Configs Leaked to the Dark Web&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/hackers-leak-configs-and-vpn-credentials-for-15000-fortigate-devices/" rel="noopener noreferrer"&gt;Hackers leak configs and VPN credentials for 15,000 FortiGate devices&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>fortinet</category>
      <category>multipleproducts</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2023-32315: Ignite Realtime Openfire Path Traversal Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Fri, 26 Jun 2026 21:35:06 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2023-32315-ignite-realtime-openfire-path-traversal-vulnerability-4495</link>
      <guid>https://dev.to/freedom-coder/cve-2023-32315-ignite-realtime-openfire-path-traversal-vulnerability-4495</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2023-32315&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Ignite Realtime Openfire Path Traversal Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Ignite Realtime&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;Openfire&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2023-08-24&lt;/li&gt;
&lt;li&gt;Due Date: 2023-09-14&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Unknown&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.igniterealtime.org/downloads/#openfire" rel="noopener noreferrer"&gt;https://www.igniterealtime.org/downloads/#openfire&lt;/a&gt;;  &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2023-32315" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-32315&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/new-sharkloader-malware-deploys-cobalt-strike-in-strikeshark-cyberattacks/" rel="noopener noreferrer"&gt;New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/badpilot-network-hacking-campaign-fuels-russian-sandworm-attacks/" rel="noopener noreferrer"&gt;BadPilot network hacking campaign fuels Russian SandWorm attacks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/microsoft-uncovers-sandworm-subgroups-global-cyber-attacks-spanning-15-countries/" rel="noopener noreferrer"&gt;Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>igniterealtime</category>
      <category>openfire</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2026-20230: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Thu, 25 Jun 2026 22:06:11 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2026-20230-cisco-unified-communications-manager-server-side-request-forgery-ssrf-4hnf</link>
      <guid>https://dev.to/freedom-coder/cve-2026-20230-cisco-unified-communications-manager-server-side-request-forgery-ssrf-4hnf</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2026-20230&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Cisco&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;Unified Communications Manager&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2026-06-25&lt;/li&gt;
&lt;li&gt;Due Date: 2026-06-28&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) contain a server-side request forgery (SSRF) Vulnerability that could allow an unauthenticated, remote attacker to write files to the underlying operating system that could be used later to elevate to root.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Unknown&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-cucm-ssrf-cXPnHcW.html" rel="noopener noreferrer"&gt;https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-cucm-ssrf-cXPnHcW.html&lt;/a&gt; ; BOD 26-04: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk&lt;/a&gt; ; Forensics Triage Requirements: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk&lt;/a&gt; ; &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2026-20230" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2026-20230&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisco-finally-confirms-attackers-exploiting-unified-cm-flaw/" rel="noopener noreferrer"&gt;Cisco finally confirms attackers exploiting Unified CM flaw&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/" rel="noopener noreferrer"&gt;CISA sets urgent deadline to fix Cisco flaw exploited in attacks&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>cisco</category>
      <category>unifiedcommunicationsmanager</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2026-12569: PTC Windchill and FlexPLM Improper Input Validation Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Thu, 25 Jun 2026 22:01:10 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2026-12569-ptc-windchill-and-flexplm-improper-input-validation-vulnerability-4al6</link>
      <guid>https://dev.to/freedom-coder/cve-2026-12569-ptc-windchill-and-flexplm-improper-input-validation-vulnerability-4al6</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2026-12569&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;PTC Windchill and FlexPLM Improper Input Validation Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;PTC&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;Windchill and FlexPLM&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2026-06-25&lt;/li&gt;
&lt;li&gt;Due Date: 2026-06-28&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;PTC Windchill and FlexPLM contains an improper input validation vulnerability allowing an unauthenticated, remote attacker to execute arbitrary code by sending a malicious request to the network.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Unknown&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.ptc.com/en/support/article/CS473270" rel="noopener noreferrer"&gt;https://www.ptc.com/en/support/article/CS473270&lt;/a&gt; ; BOD 26-04: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk&lt;/a&gt; ; Forensics Triage Requirements: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk&lt;/a&gt; ; &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2026-12569" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2026-12569&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-adds-exploited-ptc-windchill-rce-flaw-to-kev-as-web-shell-attacks-continue/" rel="noopener noreferrer"&gt;CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-sets-urgent-deadline-to-fix-cisco-flaw-exploited-in-attacks/" rel="noopener noreferrer"&gt;CISA sets urgent deadline to fix Cisco flaw exploited in attacks&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ptc</category>
      <category>windchillandflexplm</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2026-34908: Ubiquiti UniFi OS Improper Access Control Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Tue, 23 Jun 2026 22:08:41 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2026-34908-ubiquiti-unifi-os-improper-access-control-vulnerability-2mk3</link>
      <guid>https://dev.to/freedom-coder/cve-2026-34908-ubiquiti-unifi-os-improper-access-control-vulnerability-2mk3</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2026-34908&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Ubiquiti UniFi OS Improper Access Control Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Ubiquiti&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;UniFi OS&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2026-06-23&lt;/li&gt;
&lt;li&gt;Due Date: 2026-06-26&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Unknown&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b" rel="noopener noreferrer"&gt;https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b&lt;/a&gt; ; BOD 26-04: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk&lt;/a&gt; ; Forensics Triage Requirements: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk&lt;/a&gt; ; &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34908" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2026-34908&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/" rel="noopener noreferrer"&gt;CISA warns of max severity Ubiquiti flaws exploited in attacks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-warns-critical-lantronix-eds5000-flaw-is-being-actively-exploited/" rel="noopener noreferrer"&gt;CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ubiquiti</category>
      <category>unifios</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2026-34909: Ubiquiti UniFi OS Path Traversal Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Tue, 23 Jun 2026 22:06:10 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2026-34909-ubiquiti-unifi-os-path-traversal-vulnerability-3gh7</link>
      <guid>https://dev.to/freedom-coder/cve-2026-34909-ubiquiti-unifi-os-path-traversal-vulnerability-3gh7</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2026-34909&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Ubiquiti UniFi OS Path Traversal Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Ubiquiti&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;UniFi OS&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2026-06-23&lt;/li&gt;
&lt;li&gt;Due Date: 2026-06-26&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Unknown&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b" rel="noopener noreferrer"&gt;https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b&lt;/a&gt; ; BOD 26-04: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk&lt;/a&gt; ; Forensics Triage Requirements: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk&lt;/a&gt; ; &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34909" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2026-34909&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/" rel="noopener noreferrer"&gt;CISA warns of max severity Ubiquiti flaws exploited in attacks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-warns-critical-lantronix-eds5000-flaw-is-being-actively-exploited/" rel="noopener noreferrer"&gt;CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ubiquiti</category>
      <category>unifios</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2026-34910: Ubiquiti UniFi OS Improper Input Validation Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Tue, 23 Jun 2026 22:03:40 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2026-34910-ubiquiti-unifi-os-improper-input-validation-vulnerability-5616</link>
      <guid>https://dev.to/freedom-coder/cve-2026-34910-ubiquiti-unifi-os-improper-input-validation-vulnerability-5616</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2026-34910&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Ubiquiti UniFi OS Improper Input Validation Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Ubiquiti&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;UniFi OS&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2026-06-23&lt;/li&gt;
&lt;li&gt;Due Date: 2026-06-26&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Unknown&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b" rel="noopener noreferrer"&gt;https://community.ui.com/releases/Security-Advisory-Bulletin-064-064/84811c09-4cf4-42ab-bd61-cc994445963b&lt;/a&gt; ; BOD 26-04: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk&lt;/a&gt; ; Forensics Triage Requirements: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk&lt;/a&gt; ; &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2026-34910" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2026-34910&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/" rel="noopener noreferrer"&gt;CISA warns of max severity Ubiquiti flaws exploited in attacks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-warns-critical-lantronix-eds5000-flaw-is-being-actively-exploited/" rel="noopener noreferrer"&gt;CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ubiquiti</category>
      <category>unifios</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2025-67038: Lantronix EDS5000 Code Injection Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Tue, 23 Jun 2026 22:01:09 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2025-67038-lantronix-eds5000-code-injection-vulnerability-3470</link>
      <guid>https://dev.to/freedom-coder/cve-2025-67038-lantronix-eds5000-code-injection-vulnerability-3470</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2025-67038&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Lantronix EDS5000 Code Injection Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Lantronix&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;EDS5000&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2026-06-23&lt;/li&gt;
&lt;li&gt;Due Date: 2026-06-26&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Lantronix EDS5000 contains a code injection vulnerability that could allow attackers to inject arbitrary OS commands into the username parameter. Injected commands are executed with root privileges.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Unknown&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032" rel="noopener noreferrer"&gt;https://ltrxdev.atlassian.net/wiki/spaces/LTRXTS/pages/2538438657/Latest+Firmware+for+the+EDS5000+series+EDS5008+EDS5016+EDS5032&lt;/a&gt; ; BOD 26-04: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk&lt;/a&gt; ; Forensics Triage Requirements: &lt;a href="https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk" rel="noopener noreferrer"&gt;https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk&lt;/a&gt; ; &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2025-67038" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2025-67038&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/" rel="noopener noreferrer"&gt;CISA warns of max severity Ubiquiti flaws exploited in attacks&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/cisa-warns-critical-lantronix-eds5000-flaw-is-being-actively-exploited/" rel="noopener noreferrer"&gt;CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>lantronix</category>
      <category>eds5000</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
    <item>
      <title>CVE-2025-24813: Apache Tomcat Path Equivalence Vulnerability</title>
      <dc:creator>Freedom Coder</dc:creator>
      <pubDate>Mon, 22 Jun 2026 17:30:03 +0000</pubDate>
      <link>https://dev.to/freedom-coder/cve-2025-24813-apache-tomcat-path-equivalence-vulnerability-3094</link>
      <guid>https://dev.to/freedom-coder/cve-2025-24813-apache-tomcat-path-equivalence-vulnerability-3094</guid>
      <description>&lt;h3&gt;
  
  
  CVE ID
&lt;/h3&gt;

&lt;p&gt;CVE-2025-24813&lt;/p&gt;

&lt;h3&gt;
  
  
  Vulnerability Name
&lt;/h3&gt;

&lt;p&gt;Apache Tomcat Path Equivalence Vulnerability&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Project: &lt;strong&gt;Apache&lt;/strong&gt;
&lt;/li&gt;
&lt;li&gt;Product: &lt;strong&gt;Tomcat&lt;/strong&gt;
&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Date
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;Date Added: 2025-04-01&lt;/li&gt;
&lt;li&gt;Due Date: 2025-04-22&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  Description
&lt;/h3&gt;

&lt;p&gt;Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request.&lt;/p&gt;

&lt;h3&gt;
  
  
  Known To Be Used in Ransomware Campaigns?
&lt;/h3&gt;

&lt;p&gt;Unknown&lt;/p&gt;

&lt;h3&gt;
  
  
  Action
&lt;/h3&gt;

&lt;p&gt;Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.&lt;/p&gt;

&lt;h3&gt;
  
  
  Additional Notes
&lt;/h3&gt;

&lt;p&gt;This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: &lt;a href="https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq" rel="noopener noreferrer"&gt;https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq&lt;/a&gt; ; &lt;a href="https://nvd.nist.gov/vuln/detail/CVE-2025-24813" rel="noopener noreferrer"&gt;https://nvd.nist.gov/vuln/detail/CVE-2025-24813&lt;/a&gt;&lt;/p&gt;

&lt;h3&gt;
  
  
  Related Security News
&lt;/h3&gt;

&lt;ul&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/stop-your-legacy-infrastructure-from-hijacking-your-ai-agents/" rel="noopener noreferrer"&gt;Stop Your Legacy Infrastructure from Hijacking Your AI Agents&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/brute-force-attacks-target-apache-tomcat-management-panels/" rel="noopener noreferrer"&gt;Brute-force attacks target Apache Tomcat management panels&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/critical-apache-roller-vulnerability-cvss-10.0-enables-unauthorized-session-persistence/" rel="noopener noreferrer"&gt;Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="https://www.scyscan.com/news/critical-flaw-in-apache-parquet-allows-remote-attackers-to-execute-arbitrary-code/" rel="noopener noreferrer"&gt;Critical Flaw in Apache Parquet Allows Remote Attackers to Execute Arbitrary Code&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;h3&gt;
  
  
  More CVEs Info
&lt;/h3&gt;

&lt;p&gt;&lt;a href="https://www.scyscan.com/cves/" rel="noopener noreferrer"&gt;Common Vulnerabilities &amp;amp; Exposures (CVE) List&lt;/a&gt;&lt;/p&gt;

</description>
      <category>apache</category>
      <category>tomcat</category>
      <category>cybersecurity</category>
      <category>vulnerability</category>
    </item>
  </channel>
</rss>
