Aggregator

CVE-2025-36042 | IBM QRadar SIEM 7.5.0 Web UI cross site scripting (WID-SEC-2025-1888)

16 hours 55 minutes ago

A vulnerability classified as problematic was found in IBM QRadar SIEM 7.5.0. This affects an unknown part of the component Web UI. The manipulation results in cross site scripting. This vulnerability was named CVE-2025-36042. The attack may be performed from a remote location. There is no available exploit. Upgrading the affected component is advised.

vuldb.com

CVE-2025-33120 | IBM QRadar SIEM up to 7.5.0 UP13 cronjob unnecessary privileges (EUVD-2025-25525 / WID-SEC-2025-1888)

Vuldb Updates

16 hours 55 minutes ago

A vulnerability, which was classified as critical, has been found in IBM QRadar SIEM up to 7.5.0 UP13. This vulnerability affects unknown code of the component cronjob. This manipulation causes execution with unnecessary privileges. The identification of this vulnerability is CVE-2025-33120. The attack can only be executed locally. There is no exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-43300 | Apple macOS Image File out-of-bounds write (EUVD-2025-25409 / WID-SEC-2025-1876)

Vuldb Updates

16 hours 55 minutes ago

A vulnerability classified as critical has been found in Apple macOS. This impacts an unknown function of the component Image File Handler. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-43300. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-38999 | jrburke requirejs 2.3.6 s.contexts._.configure prototype pollution (Nessus ID 209968 / WID-SEC-2025-1887)

Vuldb Updates

16 hours 55 minutes ago

A vulnerability was found in jrburke requirejs 2.3.6. It has been rated as problematic. This vulnerability affects the function s.contexts._.configure. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is listed as CVE-2024-38999. The attack must be carried out from within the local network. There is no available exploit.

vuldb.com

CVE-2025-38742 | Dell iDRAC Service Module up to 6.0.3.0 permission assignment (dsa-2025-311 / EUVD-2025-25485)

Vuldb Updates

16 hours 55 minutes ago

A vulnerability was found in Dell iDRAC Service Module up to 6.0.3.0. It has been declared as problematic. Affected by this issue is some unknown functionality. The manipulation results in incorrect permission assignment. This vulnerability is known as CVE-2025-38742. Attacking locally is a requirement. No exploit is available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-38743 | Dell iDRAC Service Module up to 6.0.3.0 buffer access with incorrect length value (dsa-2025-311 / EUVD-2025-25483)

Vuldb Updates

16 hours 55 minutes ago

A vulnerability was found in Dell iDRAC Service Module up to 6.0.3.0. It has been rated as critical. This affects an unknown part. This manipulation causes buffer access with incorrect length value. This vulnerability is handled as CVE-2025-38743. It is possible to launch the attack on the local host. There is not any exploit available. Upgrading the affected component is advised.

vuldb.com

Microsoft Copilot Agent Policy Flaw Lets Any User Access AI Agents

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

16 hours 56 minutes ago

Microsoft has disclosed a critical flaw in its Copilot agents’ governance framework that allows any authenticated user to access and interact with AI agents within an organization—bypassing intended policy controls and exposing sensitive operations to unauthorized actors. At the core of the issue is the way Copilot Agent Policies are enforced—or, more accurately, not enforced—when […]

The post Microsoft Copilot Agent Policy Flaw Lets Any User Access AI Agents appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Submit #633635: mtons https://gitee.com/mtons/mblog <=3.5.0 Stored XSS [Accepted]

Vuldb Submit

16 hours 58 minutes ago

Submit #633635 / VDB-321245

ZAST.AI

亚庇、仙本那一周游

不安全

16 hours 58 minutes ago

文章记录了一对情侣在马来西亚亚庇和仙本那为期一周的旅行经历。他们从浮潜、红树林游览到萤火虫观赏、海钓等活动体验丰富。行程中还涉及当地美食、交通方式及住宿体验的分享。整体上是一段轻松愉快的旅程。

Weekly Update 466

Troy Hunt

17 hours 3 minutes ago

I'm fascinated by the unwillingness of organisations to name the "third party" to which they've attributed a breach. The initial reporting on the Allianz Life incident from last month makes no mention whatsoever of Salesforce, nor does any other statement I can find from

Troy Hunt

CVE-2023-30847 | H2O up to 2.3.0-beta2 Reverse Proxy uninitialized pointer (GHSA-p5hj-phwj-hrvx / Nessus ID 253190)

Vuldb Updates

17 hours 4 minutes ago

A vulnerability classified as critical was found in H2O up to 2.3.0-beta2. This affects an unknown function of the component Reverse Proxy Handler. The manipulation results in uninitialized pointer. This vulnerability was named CVE-2023-30847. The attack may be performed from a remote location. There is no available exploit. It is best practice to apply a patch to resolve this issue.

vuldb.com

CVE-2023-22098 | Oracle VM VirtualBox Core Local Privilege Escalation (Nessus ID 253187)

Vuldb Updates

17 hours 4 minutes ago

A vulnerability was found in Oracle VM VirtualBox. It has been rated as critical. This impacts an unknown function of the component Core. Performing manipulation results in Local Privilege Escalation. This vulnerability was named CVE-2023-22098. The attack needs to be approached locally. In addition, an exploit is available.

vuldb.com

CVE-2017-7963 | GNU GMP up to 7.1.4 on PHP resource management (Bug 74308 / Nessus ID 253193)

Vuldb Updates

17 hours 4 minutes ago

A vulnerability was found in GNU GMP up to 7.1.4 on PHP. It has been rated as problematic. The impacted element is an unknown function. This manipulation causes improper resource management. This vulnerability is handled as CVE-2017-7963. The attack can be initiated remotely. There is not any exploit available. It is still unclear if this vulnerability genuinely exists.

vuldb.com

Submit #633614: Wavlink WL-NU516U1-A M16U1_V240425 Command Injection [Duplicate]

Vuldb Submit

17 hours 5 minutes ago

Submit #633614 / VDB-320528

QMSSDXN

Hi, I am a beginner and I want to be penetration tester I am confident in this roadmap and I want to inquire more about what I should learn or what programming languages will benefit me and give me a strong foundation in programming so that I can be a…

不安全

17 hours 11 minutes ago

这是一个网络安全性相关的Reddit社区，主要面向学生群体，允许用户分享资源、提问和互相帮助学习各种网络安全专业技能。

Война на скорости 11 Махов — Китай научился побеждать НАТО за 5 наносекунд

Securitylab.ru

17 hours 11 minutes ago

Они подчинили себе гиперзвук и заставили врагов нервничать.

XCon2025完美落幕|在AI革命的浪潮中，筑牢安全堤坝！

嘶吼专业版

17 hours 14 minutes ago

2025年8月22日，XCon2025安全焦点信息安全技术峰会在北京·民航国际会议中心成功举办。

CVE-2006-1377 | EasyMoblog/CoMoblog img.php i cross site scripting (EDB-27459 / XFDB-25416)

Vuldb Updates

17 hours 14 minutes ago

A vulnerability was found in EasyMoblog and CoMoblog. It has been declared as problematic. The impacted element is an unknown function of the file img.php. The manipulation of the argument i results in basic cross site scripting. This vulnerability is reported as CVE-2006-1377. The attack can be launched remotely. Moreover, an exploit is present.

vuldb.com

CVE-2006-5739 | Leicestershire communityPortals 1.0 cp_root_path file inclusion (EDB-2516 / XFDB-29487)

Vuldb Updates

17 hours 14 minutes ago

A vulnerability was found in Leicestershire communityPortals 1.0. It has been rated as critical. Affected is an unknown function. The manipulation of the argument cp_root_path leads to file inclusion. This vulnerability is documented as CVE-2006-5739. The attack can be initiated remotely. Additionally, an exploit exists.

vuldb.com

CVE-2006-2141 | Collaborative Portal Server up to 3.4.0 Pos cross site scripting (EDB-27793 / XFDB-26155)

Vuldb Updates

17 hours 14 minutes ago

A vulnerability was found in Collaborative Portal Server up to 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. Such manipulation of the argument Pos leads to basic cross site scripting. This vulnerability is listed as CVE-2006-2141. The attack may be performed from a remote location. In addition, an exploit is available.

vuldb.com

Aggregator

Managed ad