Expertise Made Accessible

Protect Your Data, Strengthen Your Cybersecurity

At Bexxo, we know that every business is unique. That's why our solutions, compliant with ISO 27001/27002 and NIST standards, are tailored to your needs, budget, and objectives. We ensure optimal security while simplifying your processes.

Free Cybersecurity Analysis

Request a free assessment of your cybersecurity.
Our team will contact you to perform a free analysis of your cybersecurity. No commitment on your part.

Our Cybersecurity Services

Website Security

01 Complete audit and vulnerability detection

We conduct an in-depth analysis of your website, compliant with ISO 2700x and NIST CSF standards, to identify and correct potential security flaws before they are exploited.

02 Protection against attacks

We deploy robust defense measures to secure your site against attacks such as CSRF, SQL injections, and other common threats.

03 Data security

We ensure the protection of your customers' sensitive data and secure online transactions on your website.

Enterprise Network Security

01 Network infrastructure audit and analysis

We perform a thorough review of your security policies and network, in accordance with ISO 2700x and NIST CSF standards, to identify and correct potential vulnerabilities.

02 Global IT infrastructure protection

We protect your entire IT system against internal and external threats, thus ensuring optimal security for your business.

03 Securing access and sensitive data

We secure your critical access points and protect your confidential data to ensure its integrity.

Cybersecurity Protection

Our Cybersecurity Solutions

We analyze your entire IT infrastructure to identify potential flaws and improve the security of your connections, equipment, and protocols.
We conduct an in-depth diagnosis of your website to detect vulnerabilities and strengthen its protection against cyberattacks, such as SQL injections, XSS flaws, and brute-force attacks.
Our experts assist you in developing and optimizing your IT security policy. Together, we define a tailored strategy to secure your systems, reduce risks, and ensure your compliance with current regulations.
We implement advanced technologies to protect your infrastructures, networks, and sensitive data. From access management to information encryption, we ensure effective protection against cyber threats.
Why choose Bexxo?

I

Certified Expertise

Our solutions are developed by cybersecurity experts who master industry best practices.

II

Personalized Support

We adapt our services to your specific needs, whether you are an SME or a large company.

III

Proactive Protection

We anticipate threats before they become a problem, thereby reducing risks and the impact of attacks.

Don't let your business be vulnerable to cyber threats. With Bexxo, secure your digital future today!
Discover our company

How we collaborate with you

Listening and understanding

We take the time to discuss your needs and objectives to fully understand your specific challenges.

In-depth analysis

We examine your security policies, web systems, and network in detail to identify vulnerabilities.

Correction and reinforcement

We deploy solutions to eliminate flaws and strengthen your defenses.

Permanent vigilance

We ensure continuous monitoring and constantly adapt to evolving threats.

Cybersecurity tailored to your challenges

Cyberattacks are becoming increasingly sophisticated and can have disastrous consequences for businesses: loss of critical data, reputational damage, regulatory penalties, and business interruptions. To avoid these risks, it is crucial to implement a robust and proactive cybersecurity strategy.

At Bexxo, we offer tailor-made protection solutions, adapted to your needs and compliant with the most demanding security standards, such as ISO 27001/27002 and NIST. Thanks to our expertise, we analyze, detect, and correct vulnerabilities in your infrastructure to ensure optimal protection.

Permanent Update

Stay ahead with the latest critical security vulnerabilities.

10

CVE-2025-54863 - CRITICAL
04/11/2025

Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false a...

OWASP: A04

>> More information with CVE Find

10

CVE-2025-61945 - CRITICAL
04/11/2025

Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts...

authorisationproblem, OWASP: A07

>> More information with CVE Find

10

CVE-2025-61956 - CRITICAL
04/11/2025

Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate fli...

authorisationproblem, OWASP: A07

>> More information with CVE Find

9.8

CVE-2025-12682 - CRITICAL
04/11/2025

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload arbitrary JavaScript files on the affected site's server which may make remote code execution possible.

fileinclusion, OWASP: A04

>> More information with CVE Find

8.5

CVE-2025-11690 - HIGH
04/11/2025

An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors, model numbers, and fuel statistics belonging to other users, instead of being limited to their own ve...

authorisationproblem, OWASP: A01

>> More information with CVE Find

9.8

CVE-2025-12493 - CRITICAL
04/11/2025

The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.2.5 via the 'load_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any...

directorytraversal, OWASP: A01

>> More information with CVE Find

8.8

CVE-2025-10896 - HIGH
04/11/2025

Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the '*_recommended_upgrade_plugin' function which allows arbitrary plugin URLs to be installed. This makes it possible for authen...

authorisationproblem, OWASP: A01

>> More information with CVE Find

9.8

CVE-2025-11007 - CRITICAL
04/11/2025

The CE21 Suite plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the wp_ajax_nopriv_ce21_single_sign_on_save_api_settings AJAX action in versions 2.2.1 to 2.3.1. This makes it possible for unauthenticated attackers to update the plugin's API settings including a secret key used for authentication. This allows unauthenticated attackers to...

authorisationproblem, OWASP: A07

>> More information with CVE Find

9.8

CVE-2025-11008 - CRITICAL
04/11/2025

The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be used to log in as other users as long as they have used the plugin's custom authentication feature before. This may include ...

OWASP: A09

>> More information with CVE Find

8.8

CVE-2025-11724 - HIGH
04/11/2025

The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is due to missing file type validation in the EMBM_Admin_Untappd_Import_image() function and missing authorization checks on the wp_ajax_embm-untappd-import action. This makes it possible for authenticated attackers, with subscriber-leve...

fileinclusion, OWASP: A04

>> More information with CVE Find

9.8

CVE-2025-12158 - CRITICAL
04/11/2025

The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to elevate the role of any user account to administrator.

authorisationproblem, OWASP: A01

>> More information with CVE Find

8.8

CVE-2025-27074 - HIGH
04/11/2025

Memory corruption while processing a GP command response.

>> More information with CVE Find
8.8

CVE-2025-43419 - HIGH
04/11/2025

The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously crafted web content may lead to memory corruption.

overflow

>> More information with CVE Find

8.8

CVE-2025-43431 - HIGH
04/11/2025

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to memory corruption.

>> More information with CVE Find
8.8

CVE-2025-43433 - HIGH
04/11/2025

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. Processing maliciously crafted web content may lead to memory corruption.

>> More information with CVE Find
8.8

CVE-2025-43505 - HIGH
04/11/2025

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Xcode 26.1. Processing a maliciously crafted file may lead to heap corruption.

overflow

>> More information with CVE Find

9.9

CVE-2025-0987 - CRITICAL
03/11/2025

Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection. This issue affects CVLand: from 2.1.0 through 20251103.

authorisationproblem, OWASP: A01

>> More information with CVE Find

9.8

CVE-2025-11953 - CRITICAL
03/11/2025

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled...

oscommandinjection, OWASP: A03

>> More information with CVE Find

9.8

CVE-2025-12463 - CRITICAL
03/11/2025

An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script. This has been confirmed on the EFD-2130 camera running firmware version 1.12.0.19.

sqlinjection, OWASP: A03

>> More information with CVE Find

8.7

CVE-2025-60503 - HIGH
03/11/2025

A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper escaping in the admin log panel page in the 'reference No.' field. This flaw allows an authenticated attacker to execute arbitrary JavaScript in the context of an administrator's browser session, which c...

crosssitescripting, OWASP: A03

>> More information with CVE Find

Contact Us

We will process your personal information in accordance with our privacy policy.
