BaseFortify.eu
LightNews LightNews
banner
basefortify.bsky.social
BaseFortify.eu
@basefortify.bsky.social
46 followers 130 following 390 posts
🔐 BaseFortify.eu
Stay ahead of cybersecurity threats with BaseFortify.eu – your trusted platform for vulnerability management and CVE reports. Tailored solutions for SMBs and enterprises.
#CyberSecurity #VulnerabilityManagement #Exploit #CVE #InfoSec
Posts Replies Media Videos
Pinned
basefortify.bsky.social
BaseFortify.eu @basefortify.bsky.social · Oct 6
🚀 New video: Getting Started 01 — Add Assets & Review Threats

BaseFortify is an agentless vulnerability & risk platform that turns CVEs into a prioritized queue. Add assets, see KEV/EPSS matches and track. Includes A.I. Assistance + status workflow

Watch: youtu.be/VDai8Ts5Jz8

#CyberSecurity #CVE
Getting Started 01 — Add Assets & Review Threats (BaseFortify.eu)
YouTube video by BaseFortify
youtu.be
basefortify.bsky.social
🚨 Two critical CVSS 10.0 vulnerabilities hit SAP systems this month. Remote code execution, credential leaks, and full compromise are all on the table.

🔗 Read our full breakdown:
basefortify.eu/posts/2025/1...

#SAP #CyberSecurity #Vulnerability
The SAP logo in white and purple against a gradient blue and pink background, representing SAP enterprise software
November 11, 2025 at 10:31 AM
basefortify.bsky.social
🚨 CVE-2025-42890 (CVSS 10.0)

💀 Hard-coded credentials in SAP SQL Anywhere Monitor let attackers gain full remote control. Immediate patching required — this one’s critical!

🔗 basefortify.eu/cve_reports/2025/11/cve-2025-42890.html

#SAP #RCE #CVE #CyberSecurity #BaseFortify
The SAP logo in white and purple against a gradient blue and pink background, representing SAP enterprise software
November 11, 2025 at 9:52 AM
basefortify.bsky.social
🔐 CVE-2025-31719 (CVSS 5.1)

📱 Android TEE flaw leaks ECDSA secrets via side-channels. Hard to exploit but vital for protecting crypto operations. Patch promptly.

🔗 basefortify.eu/cve_reports/2025/11/cve-2025-31719.html

#Android #Crypto #CVE #TEE #Security #BaseFortify
A smartphone screen displaying the Android logo with a colorful blurred background, symbolizing the Android operating system
November 11, 2025 at 9:52 AM
basefortify.bsky.social
⚡ CVE-2025-7429 (CVSS 7.3)

🧨 XSS in Zoho ManageEngine Exchange Reporter Plus allows script injection in reports. Patch fast to stop data theft or session hijacks.

🔗 basefortify.eu/cve_reports/2025/11/cve-2025-7429.html

#Zoho #XSS #CVE #CyberSecurity #BaseFortify
The Zoho logo featuring four interlocking colored squares in red, green, blue, and yellow, symbolizing Zoho’s suite of business tools
November 11, 2025 at 9:51 AM
basefortify.bsky.social
🚨 CVE-2025-64492 — SuiteCRM (CVSS 8.8)
Authenticated SQL injection flaw allows attackers to extract data or escalate privileges. Fixed in 8.9.1. 🛡️

🔗 basefortify.eu/cve_reports/...

#CVE #SuiteCRM #SQLi #CyberSecurity #PatchNow
suitecrm logo on purple background
November 10, 2025 at 10:59 AM
basefortify.bsky.social
☁️ CVE-2025-12613 — Cloudinary SDK (CVSS 8.8)
Argument injection lets attackers bypass validation or manipulate requests. Upgrade to SDK 2.7.0+ immediately. ⚠️

🔗 basefortify.eu/cve_reports/...

#CVE #Cloudinary #WebSecurity #CyberSecurity #UpdateNow
cloudinary logo on blue gradient
November 10, 2025 at 10:58 AM
basefortify.bsky.social
⚡ CVE-2025-64486 — Calibre (CVSS 9.3)
Opening or converting malicious FB2 files can trigger arbitrary file writes, potentially leading to RCE. Update to 8.14.0 now. 🚀

🔗 basefortify.eu/cve_reports/...

#CVE #Calibre #CyberSecurity #RCE #PatchNow
calibre books logo
November 10, 2025 at 10:58 AM
basefortify.bsky.social
🚨 CVE-2025-12779 — Amazon WorkSpaces (CVSS 8.8)
Auth tokens may leak to other local users on shared Linux systems. Upgrade to 2025.0+ to prevent session hijacking ⚠️

basefortify.eu/cve_reports/...

#CVE #Amazon #Workspace #TokenLeak #PatchNow
Amazon logo with the yellow smile/arrow on a dark glitch-textured background
November 6, 2025 at 8:41 AM
basefortify.bsky.social
🚨 CVE-2025-45378 — Dell CloudLink (CVSS 9.1)
Privileged users can break out of restricted shell and escalate to full system access via SSH. Patch ASAP to prevent takeover ⚠️

basefortify.eu/cve_reports/...

#CVE #Dell #PrivilegeEscalation #CloudSecurity #PatchNow
Dell CloudLink logo on a dark red abstract digital background
November 6, 2025 at 8:40 AM
basefortify.bsky.social
🚨 CVE-2025-63601 — Snipe-IT (CVSS 9.9)
Authenticated users can upload malicious backups and run system commands. Update to 8.3.3+ to fix remote code execution ⚠️

basefortify.eu/cve_reports/...

#CVE #SnipeIT #RCE #OpenSource #CyberSecurity
Snipe-IT logo featuring a punk-style mascot with purple star face paint
November 6, 2025 at 8:38 AM
basefortify.bsky.social
🚨 New blog post: Over 14,000 Cisco routers are still infected with the BadCandy backdoor. Attackers are exploiting CVE-2023-20198 to gain full control 🛠️

🔗 basefortify.eu/posts/2025/1...

#cybersecurity #CVE202320198 #infosec
Cisco logo superimposed on a dark background with red streaks and purple and blue highlights.
November 5, 2025 at 5:14 PM
basefortify.bsky.social
🚨 CVE-2025-62225 — Sony Optical Disc Archive (CVSS 8.4)
Unquoted service path lets local users run code as SYSTEM. Update your Sony archive software now to prevent escalation.

🔗 basefortify.eu/cve_reports/...

#CVE #Sony #PrivilegeEscalation #CyberSecurity
Sony Optical Disc Archive software logo
November 5, 2025 at 8:58 AM
basefortify.bsky.social
🔥 CVE-2025-64109 — Cursor AI Code Editor (CVSS 8.8)
Malicious MCP config triggers remote code execution when cloning a repo. Fixed in 2025.09.17-25b418f — update now.

🔗 basefortify.eu/cve_reports/...

#CVE #Cursor #RCE #SupplyChainSecurity
Cursor logo on black background
November 5, 2025 at 8:58 AM
basefortify.bsky.social
🛑 CVE-2025-64151 — Roboticsware Products (CVSS 8.4)
Unquoted Windows service path lets attackers gain SYSTEM privileges. Patch Roboticsware BA-Panel6 and related tools.

🔗 basefortify.eu/cve_reports/...

#CVE #Roboticsware #PrivilegeEscalation #Infosec
Roboticsware UI screenshot with factory robots
November 5, 2025 at 8:57 AM
basefortify.bsky.social
🎨 CVE-2025-10920 — GIMP ⚡
Malformed ICNS files can trigger out-of-bounds writes and remote code execution (CVSS 7.8). Avoid opening untrusted files until patched. 🚨

🔗 basefortify.eu/cve_reports/...

#CVE #GIMP #Linux #RCE #CyberSecurity #PatchNow
GIMP mascot “Wilber” on a dark background holding a paintbrush; official GIMP logo
October 30, 2025 at 9:57 AM
basefortify.bsky.social
🧰 CVE-2025-64131 — Jenkins SAML Plugin ⚡
Replay attack flaw (CVSS 7.5) allows attackers to impersonate users via captured authentication tokens. Update or disable SAML Plugin ≤4.583. 🔒

🔗 basefortify.eu/cve_reports/...

#CVE #Jenkins #DevSecOps #CyberSecurity #PatchNow
Jenkins CI butler logo on blue background with the word “Jenkins.”
October 30, 2025 at 9:56 AM
basefortify.bsky.social
🌐 CVE-2025-62229 — X.Org Xwayland ⚡
Use-after-free in Present extension can crash or lead to code execution (CVSS 7.3). Update to the latest X.Org Server or distro patch. 🧩

🔗 basefortify.eu/cve_reports/...

#CVE #Xorg #Linux #CyberSecurity #PatchNow
Yellow circle with a rough white “W”, representing Wayland/X.Org graphics stack
October 30, 2025 at 9:55 AM
basefortify.bsky.social
Notice: CVE-2025-11447 in GitLab CE/EE allows unauthenticated GraphQL DoS via crafted JSON; fixed in 18.3.5, 18.4.3, 18.5.1. Update today 🛠️

basefortify.eu/cve_reports/...

#CVE #GitLab #DevSecOps #DoS #PatchNow #BaseFortify
GitLab logo on dark dotted world map background
October 27, 2025 at 11:24 AM
basefortify.bsky.social
Heads up: CVE-2025-12220 — BusyBox 1.31.1 carries multiple known vulns used across routers and IoT stacks; update builds and vendors still bundling it. 🔧

basefortify.eu/cve_reports/...

#CVE #BusyBox #IoTSecurity #Linux #PatchNow #BaseFortify
BusyBox banner in dark blue with the word busybox
October 27, 2025 at 11:23 AM
basefortify.bsky.social
🚨 Critical: CVE-2025-12275 in Azure Access Terminal (BLU-IC2/BLU-IC4) enables mail config tampering and command execution; versions through 1.19.5 affected. Patch now ⚠️

basefortify.eu/cve_reports/...

#CVE #Security #Azure #OT #PatchNow #BaseFortify
Azure Access Terminal logo on white background
October 27, 2025 at 11:22 AM
basefortify.bsky.social
🚨 NCSC warns: A critical flaw in Microsoft WSUS (CVE-2025-59287) is being actively exploited. Microsoft has issued an emergency patch — apply it immediately. ⚠️

🔗 Read more:
basefortify.eu/posts/2025/1...

#CyberAlert #WindowsServer #Infosec #PatchNow #Cybersecurity #NCSC #VulnerabilityManagement
October 24, 2025 at 5:25 PM
basefortify.bsky.social
💬 CVE-2025-62820 — Slack Nebula 🌐
A CIDR handling flaw (CVSS 4.9) allows arbitrary IPs inside Nebula networks — reducing trust boundaries. Update to 1.9.7+ today! 🚨

🔗 basefortify.eu/cve_reports/...

#CVE #Slack #Nebula #CyberSecurity #NetworkSecurity
Slack logo on purple background with bright network visuals
October 23, 2025 at 7:54 AM
basefortify.bsky.social
🍃 CVE-2025-11575 — MongoDB Atlas SQL ODBC Driver ⚡
Incorrect default permissions (CVSS 8.8) let attackers escalate privileges on Windows systems. Update your drivers now! 🔒

🔗 basefortify.eu/cve_reports/...

#CVE #MongoDB #CyberSecurity #PrivilegeEscalation #PatchNow
MongoDB logo with stylized green leaves and digital chip
October 23, 2025 at 7:53 AM
basefortify.bsky.social
🌍 CVE-2025-57870 — Esri ArcGIS Server 🚨
A critical SQL Injection flaw (CVSS 10.0) lets unauthenticated attackers run arbitrary SQL commands! Data theft or deletion possible — patch fast! 🚀

🔗 basefortify.eu/cve_reports/...

#CVE #Esri #ArcGIS #CyberSecurity #SQLInjection
Esri logo on a glowing world map with network lines
October 23, 2025 at 7:53 AM
basefortify.bsky.social
💾 CVE-2025-11949 — Digiwin EasyFlow
A missing authentication flaw (CVSS 8.7) allows attackers to grab DB admin credentials remotely. Business-critical exposure — update and rotate passwords now! 🧱

🔗 basefortify.eu/cve_reports/...

#CVE #Digiwin #CyberSecurity #DataProtection
DigiwinSoft logo in red and black
October 21, 2025 at 8:14 AM