Protégez vos données, renforcez Votre Cybersécurité
Nos Services de Cybersécurité
Sécurité des Sites Internet
01 Audit complet et détection des vulnérabilités
Nous réalisons une analyse approfondie de votre site web, conforme aux normes ISO 2700x et NIST CSF, pour identifier et corriger les failles de sécurité potentielles avant qu'elles ne soient exploitées.
02 Protection contre les attaques
Nous déployons des mesures de défense solides pour sécuriser votre site face aux attaques telles que les CSRF, les injections SQL, ainsi qu'à d'autres menaces courantes.
03 Sécurisation des données
Nous veillons à protéger les données sensibles de vos clients et à sécuriser les transactions en ligne sur votre site web.
Sécurité des Réseaux d'Entreprise
01 Audit et Analyse de l'infrastructure réseau
Nous effectuons un examen approfondi de vos politiques de sécurité et de votre réseau, conformément aux normes ISO 2700x et NIST CSF, afin de repérer et corriger les vulnérabilités potentielles.
02 Protection globale de l'infrastructure IT
Nous protégeons l'ensemble de votre système informatique contre les menaces internes et externes, garantissant ainsi une sécurité optimale pour votre entreprise.
03 Sécurisation des accès et des données sensibles
Nous sécurisons vos accès critiques et protégeons vos données confidentielles pour garantir leur intégrité.
Nos solutions de Cybersécurité
Nous analysons l’ensemble de votre infrastructure informatique pour identifier les failles potentielles et améliorer la sécurité de vos connexions, équipements et protocoles.
Nous réalisons un diagnostic approfondi de votre site web pour détecter les vulnérabilités et renforcer sa protection contre les cyberattaques, telles que les injections SQL, les failles XSS et les attaques par force brute.
Nos experts vous accompagnent dans l’élaboration et l’optimisation de votre politique de sécurité informatique. Nous définissons ensemble une stratégie adaptée pour sécuriser vos systèmes, réduire les risques et garantir votre conformité aux réglementations en vigueur.
Nous mettons en place des technologies avancées pour protéger vos infrastructures, réseaux et données sensibles. De la gestion des accès au chiffrement des informations, nous assurons une protection efficace contre les menaces cybernétiques.
Pourquoi choisir Bexxo ?
Dernières actualités
Comment nous collaborons avec vous
Écoute et compréhension
Nous prenons le temps de discuter de vos besoins et de vos objectifs afin de bien comprendre vos enjeux spécifiques.
Analyse approfondie
Nous examinons en détail vos politiques de sécurité, vos systèmes web et réseau pour repérer les vulnérabilités.
Correction et renforcement
Nous déployons des solutions pour éliminer les failles et renforcer vos défenses.
Vigilance permanente
Nous garantissons une surveillance continue et nous nous adaptons constamment à l'évolution des menaces.
Une cybersécurité adaptée à vos enjeux
Les cyberattaques sont de plus en plus sophistiquées et peuvent avoir des conséquences désastreuses pour les entreprises : perte de données critiques, atteinte à la réputation, sanctions réglementaires et interruptions d'activité. Pour éviter ces risques, il est crucial de mettre en place une stratégie de cybersécurité robuste et proactive.
Chez Bexxo, nous offrons des solutions de protection sur-mesure, adaptées à vos besoins et conformes aux normes de sécurité les plus exigeantes, telles que ISO 27001/27002 et NIST. Grâce à notre expertise, nous analysons, détectons et corrigeons les vulnérabilités de votre infrastructure pour assurer une protection optimale.
Restez en avance avec les dernières failles critiques de sécurité.
CVE-2026-25746 - HIGH
25/02/2026
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the prescription listing functionality. Version 8.0.0 fixes the vulnerability.
sqlinjectionOWSAP: A03
CVE-2026-24908 - CRITICAL
25/02/2026
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows authenticated users with API access to execute arbitrary SQL queries through the `_sort` parameter. This could potentially lead to database access, PHI (Protected Health Information) exposure, and cre...
sqlinjectionOWSAP: A03
CVE-2026-21902 - CRITICAL
25/02/2026
An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally expos...
CVE-2026-27728 - CRITICAL
25/02/2026
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell metacharacters into a monitor's destination field. Version 10.0.7 fixes the vulnerability.
oscommandinjectionOWSAP: A03
CVE-2026-20129 - CRITICAL
25/02/2026
A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin role. The vulnerability is due to improper authentication for requests that are sent to the API. An attacker could exploit this vulnerability by sending a crafted request to the API of an affected...
authorisationproblemOWSAP: A07
CVE-2026-20127 - CRITICAL
25/02/2026
A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is n...
authorisationproblemOWSAP: A07
CVE-2026-20126 - HIGH
25/02/2026
A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit coul...
CVE-2026-27730 - HIGH
25/02/2026
esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.sh’s `/http(s)` fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains. This allows an external requester to make the esm.sh server fetch...
ssrfOWSAP: A10
CVE-2026-27702 - CRITICAL
25/02/2026
Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase's view filtering implementation allows any authenticated user (including free tier accounts) to execute arbitrary JavaScript code on the server. This vulnerability ONLY affects Budibase Cloud (SaaS) - self-hosted deployments use native Couc...
codeinjectionOWSAP: A03
CVE-2026-27700 - HIGH
25/02/2026
Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/aws-lambda`) behind an Application Load Balancer (ALB), the `getConnInfo()` function incorrectly selected the first value from the `X-Forwarded-For` header. Because AWS ALB appends the real client IP address to the end of the `X-Forwarded-For...
OWSAP: A07OWSAP: A08
CVE-2025-1242 - CRITICAL
25/02/2026
The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicious control.
OWSAP: A07
CVE-2026-27699 - CRITICAL
25/02/2026
The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (`../`) that cause files to be written outside the intended download directory. Version 5.2.0 patches the issue.
directorytraversalOWSAP: A01
CVE-2026-28193 - HIGH
25/02/2026
In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint
authorisationproblemOWSAP: A01
CVE-2026-2624 - CRITICAL
25/02/2026
Missing Authentication for Critical Function vulnerability in ePati Cyber Security Technologies Inc. Antikor Next Generation Firewall (NGFW) allows Authentication Bypass.This issue affects Antikor Next Generation Firewall (NGFW): from v.2.0.1298 before v.2.0.1301.
authorisationproblemOWSAP: A07
CVE-2025-67601 - HIGH
25/02/2026
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts.
authorisationproblemOWSAP: A07
CVE-2025-62878 - CRITICAL
25/02/2026
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories.
OWSAP: A01
CVE-2026-1929 - HIGH
25/02/2026
The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of `call_user_func_array()` with user-controlled callback and parameters in the `get_select_option_values()` AJAX handler without an allowlist of permitted callbacks or a capability check. This makes it possible for authenticated attackers, with Con...
codeinjectionOWSAP: A03
CVE-2026-3169 - HIGH
25/02/2026
A security vulnerability has been detected in Tenda F453 1.0.0.3. This impacts the function fromSafeEmailFilter of the file /goform/SafeEmailFilter of the component httpd. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
overflow
CVE-2026-3167 - HIGH
25/02/2026
A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
overflow
CVE-2026-3166 - HIGH
25/02/2026
A vulnerability was identified in Tenda F453 1.0.0.3. The affected element is the function fromRouteStatic of the file /goform/RouteStatic of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
overflow