Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ionix

Exploited! Grafana CVE-2025-4123 - Open Redirect & Stored XSS Give Attackers a Springboard Into Your Cloud

May 22, 2025 By Amit Sheps In IONIX
Grafana—the cloud-native observability dashboard almost every DevOps team relies on—rushed out Grafana 12.0.0-security-01 yesterday to squash CVE-2025-4123, a high-severity open-redirect and stored cross-site scripting (XSS) vulnerability. When chained with the popular Grafana Image Renderer plugin the bug escalates to a full-read server-side request forgery (SSRF), exposing cloud-metadata services and internal APIs.
Read Post
cloudflare

Resolving a request smuggling vulnerability in Pingora

May 22, 2025 By Edward Wang In Cloudflare
On April 11, 2025 09:20 UTC, Cloudflare was notified via its Bug Bounty Program of a request smuggling vulnerability (CVE-2025-4366) in the Pingora OSS framework discovered by a security researcher experimenting to find exploits using Cloudflare’s Content Delivery Network (CDN) free tier which serves some cached assets via Pingora.
Read Post
Arctic Wolf

Multiple Unpatched Vulnerabilities in Versa Concerto Disclosed

May 22, 2025 By Andres Ramos In Arctic Wolf
On May 21, 2025, ProjectDiscovery published technical details for multiple vulnerabilities they discovered in Versa Concerto, including authentication bypasses, remote code execution (RCE), and container escapes. Versa Concerto is a centralized management platform used to manage Versa’s SD-WAN and SASE services. It is a Spring Boot-based application deployed via Docker containers and routed through Traefik.
Read Post

CVE-2025-31324: Critical SAP Flaw Exposes Systems to Remote Attacks

May 22, 2025 By Indusface In Indusface
Active exploit targets SAP NetWeaver via unauthenticated remote code execution. This flaw allows unauthenticated attackers to upload and execute arbitrary files, leading to complete system compromise. In this video, we break down how the vulnerability works, why it’s dangerous, and what steps you must take to secure your systems.
View Video
Reviewing Penetration Test Pricing In 2025: A Practical Guide for UK and EU Buyers

Reviewing Penetration Test Pricing In 2025: A Practical Guide for UK and EU Buyers

May 22, 2025 By SecuritySenses In SecuritySenses
Penetration testing costs in the UK and EU can range from a few thousand pounds to well over £20,000. At a glance, many of these tests look the same. So why the price gap? In 2025, pricing models haven't changed much. Most tests are still priced per day, but the complexity of what's being tested has changed. The rise of custom internal tools (many "vibe coded" by non-IT or security teams), shadow IT, SaaS stacks, and cloud sprawl means that scoping a pen test properly takes more time and care.
Read Post
Snyk

Security Testing for Single-Page Applications (SPAs)

May 21, 2025 By Tiago Mendo In Snyk
When developing a web application, dev teams can choose from two fundamental design patterns: Single-Page Applications (SPAs) or traditional Multi-Page Applications (MPAs). Deciding which one to use can depend on multiple factors, but more and more companies are developing SPAs since they can provide a smoother user experience (UX), which, in turn, might just result in better user adoption.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.