#vulnerability

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls Inc. Equipment: FX80 and FX90 Vulnerability: Dependency on Vulnerable Third-Party Component 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to compromise the device's configuration files. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Johnson Controls products are affected: FX80: FX 14.10.10 FX80: FX 14.14.1 FX90: FX 14.10.10 FX90: FX 14.14.1 3.2 VULNERABILITY OVERVIEW 3.2.1 DEPENDENCY ON VULNERABLE THIRD-PARTY COMPONENT CWE-1395 The affected product is vulnerable to a vulnerable third-party component, which could allow an attacker to compromise device configuration files. CVE-2025-43867 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.7 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). A CVSS v4 score has also been calculated for CVE-2025-43867. A base score o...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAView Vulnerability: Improper Limitation of a Pathname to a Restricted Directory 2. RISK EVALUATION Successful exploitation of this vulnerability may allow a remote attacker to read or write files on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Delta Electronics reports the following versions of DIAView industrial automation management system for providing real-time system control are affected: DIAView: Versions 4.2.0.0 3.2 VULNERABILITY OVERVIEW 3.2.1 Improper Limitation of a Pathname to a Restricted Directory CWE-22 Delta Electronics DIAView is vulnerable to a path traversal vulnerability, which may allow an attacker to read or write files remotely on the system. CVE-2025-53417 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Packet Power Equipment: EMX, EG Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full access to the device without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Packet Power products are affected: EMX: Versions prior to 4.1.0 EG: Versions prior to 4.1.0 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions. CVE-2025-8284 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been ca...

TeaOnHer turns out to be at least as leaky as its female counterpart, Tea Dating Advice app.

Cybersecurity researchers demonstrate a new attack on Google Gemini AI for Workspace. Discover how a simple calendar invite can be used to perform phishing, steal emails, and even control home appliances.

Hackers tricked workers over the phone at Google, Adidas, and more to grant access to Salesforce data.

Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions. The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug. "In an Exchange hybrid deployment, an

SonicWall has revealed that the recent spike in activity targeting its Gen 7 and newer firewalls with SSL VPN enabled is related to an older, now-patched bug and password reuse. "We now have high confidence that the recent SSL VPN activity is not connected to a zero-day vulnerability," the company said. "Instead, there is a significant correlation with threat activity related to CVE-2024-40766."

Malwarebytes has been awarded the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security.

The Hague, Netherlands, 7th August 2025, CyberNewsWire