NVD disclosure day

Published threat advisories for September 17, 2025

CVE advisoryCRITICAL

CVE-2025-10439

Yordam Library Automation System SQL Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical SQL injection vulnerability exists in the Yordam Library Automation System, allowing remote attackers to manipulate its database. This could lead to unauthorized access, modification, or deletion of sensitive library data. Confirmation of the system's presence and network accessibility is necessary to assess

NVD published:

CVE advisoryKnown Exploit

CVE-2025-9242

WatchGuard Fireware OS: Remote Code Execution Risk

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Certain WatchGuard Fireware OS versions contain an out-of-bounds write vulnerability. This could allow a remote attacker to execute arbitrary code, affecting VPN services. The risk involves potential unauthorized access and control over network infrastructure. Mitigation is advised.

NVD published: • CISA KEV