Emergency Response
Microsoft’s Security Update in June of High-Risk Vulnerability Notice for Multiple Products
Overview On June 11, NSFOCUS CERT detected that Microsoft released a security update patch for June, fixing 67 security issues involving widely used products such as Windows, Microsoft Office, Azure, and Microsoft ...
Apache Kafka Arbitrary File Read and SSRF Vulnerability (CVE-2025-27817)
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the arbitrary file read and SSRF vulnerabilities in Apache Kafka (CVE-2025-27817); Because the Apache Kafka client does not strictly ...
Multiple High-Risk Vulnerabilities in DataEase (CVE-2025-49001/CVE-2025-49002/CVE-2025-48999)
Overview Recently, NSFOCUS CERT has detected that DataEase has issued a security bulletin to fix multiple high-risk vulnerabilities in DataEase (CVE-2025-49001/CVE-2025-49002/CVE-2025-48999). Combined use can achieve unauthorized code execution. At present, the vulnerability ...
VMware vCenter Server Command Execution Vulnerability (CVE-2025-41225)
Overview Recently, NSFOCUS CERT detected that VMware issued a security bulletin to fix the command execution vulnerability (CVE-2025-41225) of VMware vCenter Server; Due to an authenticated command execution vulnerability in VMware vCenter ...
Ivanti Endpoint Manager Mobile Authentication Bypass and Remote Code Execution Vulnerability (CVE-2025-4427/CVE-2025-4428)
Recently, NSFOCUS CERT detected that Ivanti issued a security advisory to fix the authentication bypass and remote code execution vulnerabilities (CVE-2025-4427/CVE-2025-4428) in Ivanti Endpoint Manager Mobile (EPMM). At present, both 2 vulnerabilities ...
Elastic Kibana Prototype Contamination Leads to Arbitrary Code Execution Vulnerability (CVE-2025-25014)
Overview Recently, NSFOCUS CERT detected that Elastic issued a security bulletin to fix the arbitrary code execution vulnerability caused by Elastic Kibana prototype contamination (CVE-2025-25014); Due to the prototype contamination problem in ...
Critical Patch Update Announcement in April for All Oracle Products
Overview On April 16, 2025, NSFOCUS CERT detected that Oracle officially released the Critical Patch Update (CPU) for April. A total of 390 vulnerabilities with different degrees were fixed this time. This ...
Microsoft’s April Security Update of High-Risk Vulnerabilities in Multiple Products
Overview On April 9, NSFOCUS CERT detected that Microsoft released a security update patch for April, fixing 126 security problems in widely used products such as Windows, Microsoft Office, Azure, Microsoft Edge ...
Vite Arbitrary File Read Vulnerability (CVE-2025-31486)
Overview Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31486); Because the Vite development server does not strictly verify the path when ...
Vite Arbitrary File Read Vulnerability (CVE-2025-31125)
Overview Recently, NSFOCUS CERT detected that Vite issued a security bulletin to fix the Vite arbitrary file read vulnerability (CVE-2025-31125); Because the Vite development server does not strictly verify the path when ...
