📂 Vulnerabilities & Exploits

🚨 CRITICAL | Security Updates

December Patch Tuesday - Three Microsoft Zero-Days Fixed

Microsoft patched 57 vulnerabilities including three actively exploited zero-days. CVE-2025-62221: Windows Cloud Files Mini Filter Driver privilege escalation—attackers elevate to SYSTEM level. CVE-20…

Category: Vulnerabilities & Exploits / Security Updates

#cve-2025-62221 #cve-2025-64671 #cve-2025-54100 #microsoft #patch-tuesday #privilege-escalation #powershell-security #zero-day

🚨 CRITICAL | Critical Vulnerabilities

CVE-2025-10573 - Ivanti EPM Stored XSS Enables Admin Session Hijack

Ivanti Endpoint Manager has a critical stored XSS flaw (CVE-2025-10573, CVSS 9.0) enabling admin session hijacking without authentication. Attackers inject malicious JavaScript via unauthenticated 'incomingd…

Category: Vulnerabilities & Exploits / Critical Vulnerabilities

#cve-2025-10573 #ivanti-epm #stored-xss #admin-session-hijack #web-application-security #critical-vulnerability

🚨 CRITICAL | Critical Vulnerabilities

CVE-2025-59718 & CVE-2025-59719 - Fortinet FortiCloud SSO Auth Bypass

Two critical Fortinet flaws (CVE-2025-59718 CVSS 9.6, CVE-2025-59719 CVSS 9.8) enable complete FortiCloud SSO authentication bypass. CVE-2025-59718 exploits improper session validation—attackers craft…

Category: Vulnerabilities & Exploits / Critical Vulnerabilities

#cve-2025-59718 #cve-2025-59719 #fortinet #fortios #authentication-bypass #saml-security #perimeter-security

🚨 CRITICAL | Critical Vulnerabilities

CVE-2025-8110 - Gogs 0-Day Hits 700+ Self-Hosted Git Servers

Critical RCE in Gogs self-hosted Git platform (all versions before 0.14.0) actively exploited via argument injection in repository migration API. Attackers exploit CVE-2025-8110 (bypasses previous fix…

Category: Vulnerabilities & Exploits / Critical Vulnerabilities

#cve-2025-8110 #gogs #git-security #remote-code-execution #zero-day #supershell #supply-chain-security