
Cisco has disclosed critical vulnerabilities in Identity Services Engine and ISE-PIC that could let a remote attacker execute code or access sensitive information. Fixes are available, and Cisco says there are no workarounds.
Tag archive

Cisco has disclosed critical vulnerabilities in Identity Services Engine and ISE-PIC that could let a remote attacker execute code or access sensitive information. Fixes are available, and Cisco says there are no workarounds.

Apache Tomcat CVE-2025-24813 is not a universal internet doom bug, but the right combination of write-enabled default servlet behavior and upload paths can still turn it into a serious exposure.

Roundcube CVE-2025-49113 pushed webmail security back into focus, reminding defenders that internet-facing communication platforms remain high-value targets when patching slips.

Next.js CVE-2025-66478 turned React Server Components security into a production emergency for App Router deployments and reminded teams that framework internals can become direct business risk.