CYBER Threat Intelligence Reports
LATEST CTIs
CVE-2024-38475: Actively Exploited Apache HTTP Server Vulnerability
A critical vulnerability in Apache’s mod_rewrite module allows attackers to exploit unsafe rewrite rules by crafting URLs that access unintended filesystem paths. This flaw, tracked…
Read more >
CVE-2025-31324 — SAP NetWeaver Visual Composer Metadata Uploader – Deserialization
Unauthenticated deserialization flaw in SAP NetWeaver (CVE-2025-31324) enables full remote code execution—OP Innovate’s dedicated WASP scanner is actively detecting exposures across enterprise environments.
Read more >
CVE-2025-31161: Critical Authentication Bypass in CrushFTP Exploited in the Wild
A critical authentication bypass vulnerability in CrushFTP, tracked as CVE-2025-31161, is being actively exploited in the wild. The flaw allows remote, unauthenticated attackers to impersonate…
Read more >
CVE-2025-34028: Unauthenticated Path Traversal in Commvault Command Center
On April 22, 2025, a critical path traversal vulnerability (CVE-2025-34028) was disclosed in Commvault Command Center Innovation Release 11.38. An unauthenticated attacker can upload a…
Read more >
Critical Vulnerability in ASUS Routers Using AiCloud (CVE-2025-2492)
A critical security flaw (CVE-2025-2492) has been discovered in ASUS routers running AiCloud, a feature that allows remote access to files and media via the…
Read more >
CISA: SonicWall VPN Vulnerability Actively Exploited in Attacks (CVE-2021-20035)
On April 16, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2021-20035 to its Known Exploited Vulnerabilities (KEV) catalog following confirmed reports of…
Read more >
