Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000018
[CVE-2025-47813] Wing
FTP Server Information Disclosure Vulnerability (CVSS v3.1: 4.3)
[Ransomware Exploitation: Unknown] When Wing
FTP Server uses a long value in the UID Cookie, it generates an error message containing sensitive information, leading to an information disclosure vulnerability.
[CVE-2025-66376] Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability (CVSS v3.1: 7.2)
[Ransomware Exploitation: Unknown] The Classic UI of Synacor Zimbra Collaboration Suite (ZCS) contains a Cross-Site Scripting vulnerability, allowing an attacker to abuse the Cascading Style Sheets (
CSS) @import directive in email
HTML.
[CVE-2026-20963] Microsoft SharePoint Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 8.8)
[Ransomware Exploitation: Unknown] Microsoft SharePoint contains a deserialization of untrusted data vulnerability, allowing an unauthorized attacker to execute code over the network.
[CVE-2026-20131] Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 10.0)
[Ransomware Exploitation: Yes] Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in their web-based management interface, which could allow an unauthenticated remote attacker to execute arbitrary Java code with root privileges on the affected devices.
[CVE-2025-32432] Craft
CMS Code Injection Vulnerability (CVSS v3.1: 10.0)
[Ransomware Exploitation: Unknown] Craft
CMS contains a code injection vulnerability, allowing a remote attacker to execute arbitrary code.
[CVE-2025-54068] Laravel Livewire Code Injection Vulnerability (CVSS v3.1: 9.8)
[Ransomware Exploitation: Unknown] Laravel Livewire contains a code injection vulnerability, which may allow an unauthenticated attacker to achieve remote command execution under certain circumstances.
[CVE-2025-43510] Apple Multiple Products Improper Locking Vulnerability (CVSS v3.1: 7.8)
[Ransomware Exploitation: Unknown] Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability, which may allow a malicious application to cause unexpected changes to memory shared between processes.
[CVE-2025-43520] Apple Multiple Products Classic Buffer Overflow Vulnerability (CVSS v3.1: 5.5)
[Ransomware Exploitation: Unknown] Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability, which may allow a malicious application to cause abnormal system termination or write to kernel memory.
[CVE-2025-31277] Apple Multiple Products Buffer Overflow Vulnerability (CVSS v3.1: 8.8)
[Ransomware Exploitation: Unknown] Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability, which may allow the system to process maliciously crafted web content, leading to memory corruption.