Expertise Made Accessible

Protect Your Data, Strengthen Your Cybersecurity

At Bexxo, we know that every business is unique. That's why our solutions, compliant with ISO 27001/27002 and NIST standards, are tailored to your needs, budget, and objectives. We ensure optimal security while simplifying your processes.

Free Cybersecurity Analysis

Request a free assessment of your cybersecurity.
Our team will contact you to perform a free analysis of your cybersecurity. No commitment on your part.

Our Cybersecurity Services

Website Security

01 Complete audit and vulnerability detection

We conduct an in-depth analysis of your website, compliant with ISO 2700x and NIST CSF standards, to identify and correct potential security flaws before they are exploited.

02 Protection against attacks

We deploy robust defense measures to secure your site against attacks such as CSRF, SQL injections, and other common threats.

03 Data security

We ensure the protection of your customers' sensitive data and secure online transactions on your website.

Enterprise Network Security

01 Network infrastructure audit and analysis

We perform a thorough review of your security policies and network, in accordance with ISO 2700x and NIST CSF standards, to identify and correct potential vulnerabilities.

02 Global IT infrastructure protection

We protect your entire IT system against internal and external threats, thus ensuring optimal security for your business.

03 Securing access and sensitive data

We secure your critical access points and protect your confidential data to ensure its integrity.

Discover our company

How we collaborate with you

Listening and understanding

We take the time to discuss your needs and objectives to fully understand your specific challenges.

In-depth analysis

We examine your security policies, web systems, and network in detail to identify vulnerabilities.

Correction and reinforcement

We deploy solutions to eliminate flaws and strengthen your defenses.

Permanent vigilance

We ensure continuous monitoring and constantly adapt to evolving threats.

Cybersecurity tailored to your challenges

Cyberattacks are becoming increasingly sophisticated and can have disastrous consequences for businesses: loss of critical data, reputational damage, regulatory penalties, and business interruptions. To avoid these risks, it is crucial to implement a robust and proactive cybersecurity strategy.

At Bexxo, we offer tailor-made protection solutions, adapted to your needs and compliant with the most demanding security standards, such as ISO 27001/27002 and NIST. Thanks to our expertise, we analyze, detect, and correct vulnerabilities in your infrastructure to ensure optimal protection.

Cybersecurity Protection

Our Cybersecurity Solutions

We analyze your entire IT infrastructure to identify potential flaws and improve the security of your connections, equipment, and protocols.
We conduct an in-depth diagnosis of your website to detect vulnerabilities and strengthen its protection against cyberattacks, such as SQL injections, XSS flaws, and brute-force attacks.
Our experts assist you in developing and optimizing your IT security policy. Together, we define a tailored strategy to secure your systems, reduce risks, and ensure your compliance with current regulations.
We implement advanced technologies to protect your infrastructures, networks, and sensitive data. From access management to information encryption, we ensure effective protection against cyber threats.

Why choose Bexxo?

I. Certified Expertise

Our solutions are developed by cybersecurity experts who master industry best practices.

II. Personalized Support

We adapt our services to your specific needs, whether you are an SME or a large company.

III. Proactive Protection

We anticipate threats before they become a problem, thereby reducing risks and the impact of attacks.

Don't let your business be vulnerable to cyber threats. With Bexxo, secure your digital future today!

Permanent Update

Discover the latest critical CVEs published.

8.7

CVE-2025-8159 - HIGH
25/07/2025

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. This issue affects the function formLanguageChange of the file /goform/formLanguageChange of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vu...

overflow

>> More information with CVE Find

8.7

CVE-2025-8160 - HIGH
25/07/2025

A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

overflow

>> More information with CVE Find

8.7

CVE-2025-8140 - HIGH
25/07/2025

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formWlanMultipleAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

overflow

>> More information with CVE Find

8.7

CVE-2025-8139 - HIGH
25/07/2025

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been classified as critical. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

overflow

>> More information with CVE Find

8.7

CVE-2025-8138 - HIGH
25/07/2025

A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formOneKeyAccessButton of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

overflow

>> More information with CVE Find

8.7

CVE-2025-8136 - HIGH
25/07/2025

A vulnerability, which was classified as critical, was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected is an unknown function of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

overflow

>> More information with CVE Find

8.7

CVE-2025-8137 - HIGH
25/07/2025

A vulnerability has been found in TOTOLINK A702R 4.0.0-B20230721.1521 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

overflow

>> More information with CVE Find

8.8

CVE-2025-5831 - HIGH
25/07/2025

The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

fileinclusion, OWASP: A04

>> More information with CVE Find

8.8

CVE-2025-5835 - HIGH
25/07/2025

The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform many actions as the AJAX hooks to several functions. Some potential impacts include arbitra...

authorisationproblem, OWASP: A01

>> More information with CVE Find

8.7

CVE-2025-8131 - HIGH
25/07/2025

A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

overflow

>> More information with CVE Find

9.8

CVE-2015-10143 - CRITICAL
25/07/2025

The Platform theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the *_ajax_save_options() function in all versions up to 1.4.4 (exclusive). This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registra...

authorisationproblem, OWASP: A01

>> More information with CVE Find

8.8

CVE-2015-10144 - HIGH
25/07/2025

The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization via the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server using a double extension which may make remote code execution possi...

fileinclusion, OWASP: A04

>> More information with CVE Find

9.8

CVE-2019-25224 - CRITICAL
25/07/2025

The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.

oscommandinjection, OWASP: A03

>> More information with CVE Find

8.3

CVE-2025-7742 - HIGH
24/07/2025

An authentication vulnerability exists in the LG Innotek camera model LNV5110R firmware that allows a malicious actor to upload an HTTP POST request to the device's non-volatile storage. This action may result in remote code execution that allows an attacker to run arbitrary commands on the target device at the administrator privilege level.

OWASP: A07

>> More information with CVE Find

9.3

CVE-2025-32429 - CRITICAL
24/07/2025

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, it's possible for anyone to inject SQL using the parameter sort of the getdeleteddocuments.vm. It's injected as is as an ORDER BY value. This is fixed in versions 16.10.6 and 17.3.0-rc-1.

sqlinjection, OWASP: A03

>> More information with CVE Find

8.5

CVE-2025-53940 - HIGH
24/07/2025

Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In versions 6.1.0-alpha.4 and below, Quiet's API for backend/frontend communication was using an insecure, not constant-time comparison function for token verification. This allowed for a potential timing attack where an attacker would try different token...

>> More information with CVE Find

8.9

CVE-2025-54379 - HIGH
24/07/2025

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the tab...

sqlinjection, OWASP: A03

>> More information with CVE Find

9.3

CVE-2025-6260 - CRITICAL
24/07/2025

The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset user credentials by manipulating specific elements of the embedded web interface.

authorisationproblem, OWASP: A07

>> More information with CVE Find

8.7

CVE-2025-6998 - HIGH
24/07/2025

ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via a specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.

>> More information with CVE Find

8.8

CVE-2025-25214 - HIGH
24/07/2025

A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP requests can lead to arbitrary code execution.

>> More information with CVE Find

Contact Us

We will process your personal information in accordance with our privacy policy.
