Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution

Read Time:27 Second

Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the targeted user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users configured to have fewer privileges on the system could be less impacted than those who operate with elevated privileges.

perl-5.40.2-518.fc42

FEDORA-2025-30244ebfc7 Packages in this update: perl-5.40.2-518.fc42 Update description: Fixes CVE-2025-40909 - Clone dirhandles without fchdir Read More

July 10, 2025

perl-5.40.2-516.fc41

FEDORA-2025-f142899732 Packages in this update: perl-5.40.2-516.fc41 Update description: Fixes CVE-2025-40909 - Clone dirhandles without fchdir Read More

July 10, 2025

Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities

Posted by Egidio Romano on Jul 09 ---------------------------------------------------------------------------------- Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities ----------------------------------------------------------------------------------...

July 10, 2025

KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09 KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request...

July 9, 2025

KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09 KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation Title:...

July 9, 2025

KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution

Posted by KoreLogic Disclosures via Fulldisclosure on Jul 09 KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution...

July 9, 2025

Smashing Security podcast #425: Call of Duty: From pew-pew to pwned

As Texas floods, so does the internet – with dangerous lies

Ransomware Attack Stops Nova Scotia Power Meter Readings

AiLock ransomware: What you need to know

Microsoft Patch Tuesday: One Zero-Day and A Potential ‘Wormable’ Flaw

Yet Another Strava Privacy Leak

Chinese State-Sponsored Hacker Charged Over COVID-19 Research Theft

MacOS Infostealer AMOS Evolves with Backdoor for Persistent Access

M&S Chair Details Ransomware Attack, Declines to Confirm if Payment Was Made

Multiple Vulnerabilities in Cisco Products Could Allow for Arbitrary Code Execution

perl-5.40.2-518.fc42

perl-5.40.2-516.fc41

Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities

KL-001-2025-011: Schneider Electric EcoStruxure IT Data Center Expert Unauthenticated Server-Side Request Forgery

KL-001-2025-010: Schneider Electric EcoStruxure IT Data Center Expert Privilege Escalation

KL-001-2025-009: Schneider Electric EcoStruxure IT Data Center Expert Remote Command Execution