CYBER Threat Intelligence Reports
LATEST CTIs
CISA Adds Zimbra Collaboration Vulnerability (CVE-2024-27443) to Known Exploited Catalog
CVE-2024-27443 is an actively exploited XSS vulnerability in the Zimbra Collaboration Suite (ZCS), affecting versions 9.0 and 10.0. The flaw resides in the CalendarInvite feature…
Read more >
CISA: Recently Patched Chrome Bug is Being Actively Exploited (CVE-2025-4664)
CVE-2025-4664 is a high-severity vulnerability in the Loader component of Google Chrome, caused by insufficient policy enforcement. Successful exploitation allows a remote attacker to leak…
Read more >
CVE-2024-38475: Actively Exploited Apache HTTP Server Vulnerability
A critical vulnerability in Apache’s mod_rewrite module allows attackers to exploit unsafe rewrite rules by crafting URLs that access unintended filesystem paths. This flaw, tracked…
Read more >
CVE-2025-31324 — SAP NetWeaver Visual Composer Metadata Uploader – Deserialization
Unauthenticated deserialization flaw in SAP NetWeaver (CVE-2025-31324) enables full remote code execution—OP Innovate’s dedicated WASP scanner is actively detecting exposures across enterprise environments.
Read more >
CVE-2025-31161: Critical Authentication Bypass in CrushFTP Exploited in the Wild
A critical authentication bypass vulnerability in CrushFTP, tracked as CVE-2025-31161, is being actively exploited in the wild. The flaw allows remote, unauthenticated attackers to impersonate…
Read more >
CVE-2025-34028: Unauthenticated Path Traversal in Commvault Command Center
On April 22, 2025, a critical path traversal vulnerability (CVE-2025-34028) was disclosed in Commvault Command Center Innovation Release 11.38. An unauthenticated attacker can upload a…
Read more >
