Ars Technica

Zyxel silently patches command injection vulnerability with 9.8 severity rating

Baines said that Rapid7 notified Zyxel of the vulnerability on April 13 and that the two parties agreed to provide a coordinated disclosure, including the fix, on June 21. The researcher went on to ...
Bleeping Computer

Max severity Cisco ISE bug allows pre-auth command execution, patch now

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root ...