Aggregator

CVE-2025-3582 | Newsletter Plugin up to 8.84 on WordPress Form Setting cross site scripting (EUVD-2025-17434)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability has been found in Newsletter Plugin up to 8.84 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Form Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-3582. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2018-12071 | CodeIgniter up to 3.1.8 Session Library session fixiation (EUVD-2022-3879)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in CodeIgniter up to 3.1.8. It has been rated as critical. This issue affects some unknown processing of the component Session Library. The manipulation leads to session fixiation. The identification of this vulnerability is CVE-2018-12071. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-5863 | Tenda AC5 15.03.06.47 /goform/SetRebootTimer formSetRebootTimer rebootTime stack-based overflow (EUVD-2025-17437)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-5863. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5865 | RT-Thread 5.1.0 Parameter lwp_syscall.c sys_select timeout memory corruption (Issue 10298 / EUVD-2025-17440)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. This vulnerability is handled as CVE-2025-5865. Access to the local network is required for this attack. There is no exploit available. The vendor explains, that "[t]he timeout parameter should be checked to check if it can be accessed correctly in kernel mode and used temporarily in kernel memory."
vuldb.com

CVE-2024-9407 | Red Hat Enterprise Linux/OpenShift Container Platform Bind-propagation Option mount input validation (EUVD-2024-3036 / Nessus ID 209515)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in Red Hat Enterprise Linux and OpenShift Container Platform. It has been rated as problematic. This issue affects some unknown processing of the component Bind-propagation Option. The manipulation of the argument mount leads to improper input validation. The identification of this vulnerability is CVE-2024-9407. Local access is required to approach this attack. There is no exploit available.
vuldb.com

CVE-2025-5893 | Honding Smart Parking Management System up to 1.4 exposure of sensitive system information to an unauthorized control sphere (EUVD-2025-17439)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Honding Smart Parking Management System up to 1.4. Affected by this issue is some unknown functionality. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is handled as CVE-2025-5893. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-5866 | RT-Thread 5.1.0 lwp_syscall.c sys_sigprocmask how array index (Issue 10300 / EUVD-2025-17438)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index. This vulnerability is uniquely identified as CVE-2025-5866. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com

Malicious npm Utility Packages Enable Attackers to Wipe Production Systems(link is external)

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 3 weeks ago

Socket’s Threat Research Team has uncovered two malicious npm packages, express-api-sync and system-health-sync-api, designed to masquerade as legitimate utilities while embedding destructive backdoors capable of annihilating production systems. Published under the npm alias “botsailer” with the associated email anupm019@gmail[.]com, these packages represent a shift from traditional data theft to outright sabotage. New Wave of Sabotage […]

The post Malicious npm Utility Packages Enable Attackers to Wipe Production Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Weekly Update 455(link is external)

Troy Hunt
2 months 3 weeks ago

The bot-fighting is a non-stop battle. In this week's video, I discuss how we're tweaking Cloudflare Turnstile and combining more attributes around how bot-like requests are, and... it almost worked. Just as I was preparing to write this intro, I found a small spike of anomalous

Troy Hunt

CVE-2024-26342 | Asus AC68U 3.0.0.4.384.82230 Network Packet usr/sbin/httpd null pointer dereference (EUVD-2024-23611)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability has been found in Asus AC68U 3.0.0.4.384.82230 and classified as critical. Affected by this vulnerability is an unknown functionality of the file usr/sbin/httpd of the component Network Packet Handler. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-26342. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2024-26314 | Mitsubishi Electric CPU Module Logging Configuration Tool privileges management (icsa-24-135-04 / EUVD-2024-23584)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability has been found in Mitsubishi Electric CPU Module Logging Configuration Tool, CSGL, CW Configurator, Data Transfer, Data Transfer Classic, EZSocket, FR Configurator SW3, FR Configurator2, GENESIS64, GT Designer3, GT SoftGOT1000, GT SoftGOT2000, GX Developer, GX LogViewer, GX Works2, GX Works3, iQ Works, MI Configurator, Numerical Control Device Communication Software, MR Configurator, MR Configurator2, MRZJW3-MC2-UTL, MX Component, MX OPC Server DA UA, PX Developer Monitor Tool, RT ToolBox3, RT VisualBox, Monitoring tools for the C Controller Module, SW0DNC-MNETH-B, SW1DNC-CCBD2-B, SW1DNC-CCIEF-J, SW1DNC-CCIEF-B, SW1DNC-MNETG-B, SW1DNC-QSCCF-B and SW1DND-EMSDK-B and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2024-26314. An attack has to be approached locally. There is no exploit available.
vuldb.com

CVE-2024-26311 | Archer Platform up to 6.14 P2 cross site scripting (EUVD-2024-23581)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability classified as problematic has been found in Archer Platform up to 6.14 P2. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-26311. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-26313 | Archer Platform up to 6.14 P2 HF1 Trusted Application Data Store cross site scripting (EUVD-2024-23583)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in Archer Platform up to 6.14 P2 HF1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Trusted Application Data Store. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-26313. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-26310 | Archer Platform up to 6.14 P1 API access control (EUVD-2024-23580)(link is external)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in Archer Platform up to 6.14 P1. It has been rated as critical. This issue affects some unknown processing of the component API. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2024-26310. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Managed ad