Aggregator

Как неоплаченная парковка стала новым оружием киберпреступников.

A vulnerability was found in SAP BusinessObjects Business Intelligence Platform 2025/ENTERPRISE 430 and classified as problematic. This issue affects some unknown processing of the component Web Intelligence. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-25245. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in SAP Business Objects Business Intelligence Platform 2025/2027/ENTERPRISE 430 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information exposure through error message. This vulnerability was named CVE-2025-23185. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in SAP BusinessObjects Business Intelligence Platform 2025/ENTERPRISE 430/ENTERPRISECLIENTTOOLS 430. This affects an unknown part of the component Web Intelligence Reports. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-0062. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in IBM Common Cryptographic Architecture and 4769 Developers Toolkit up to 7.5.51. Affected by this issue is some unknown functionality of the component RSA Handler. The manipulation leads to information exposure through discrepancy. This vulnerability is handled as CVE-2024-41760. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in realmag777 WPCS Plugin up to 1.2.0.4 on WordPress. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. The manipulation leads to code injection. This vulnerability is known as CVE-2025-2169. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in SAP NetWeaver Enterprise Portal EP-RUNTIME 7.50. Affected is an unknown function of the component OBN. The manipulation leads to missing authentication. This vulnerability is traded as CVE-2025-23194. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in IBM Common Cryptographic Architecture and 4769 Developers Toolkit up to 7.5.51. It has been rated as critical. This issue affects some unknown processing of the component Hardware Security Module. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2024-49823. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SAP NetWeaver. It has been declared as very critical. This vulnerability affects unknown code of the component ABAP Class Builder. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-26661. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in IBM Common Cryptographic Architecture and 4769 Developers Toolkit up to 7.5.51. It has been classified as problematic. This affects an unknown part of the component ECDSA Signature Handler. The manipulation leads to observable timing discrepancy. This vulnerability is uniquely identified as CVE-2024-22340. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in realmag777 HUSKY Plugin up to 1.3.6.5 on WordPress and classified as critical. Affected by this issue is the function woof_text_search. The manipulation of the argument template leads to path traversal. This vulnerability is handled as CVE-2025-1661. The attack may be launched remotely. There is no exploit available.

Google 今年初突然为已经停止支持的 Pixel 4a 智能手机释出了更新，Google 在声明中称：部分 Pixel 4a 手机需要更新软件以提高电池性能的稳定性。Pixel 4a 于 2020 年上市，2023 年释出最后一次安全更新。对于最新更新它没有给出更详细的解释。现在澳大利亚的消费者保护组织 Australian Competition and Consumer Commission(ACCC) 在 Pixel 4a 自愿召回通知中称，该型号的电池存在过热起火风险，更新固件和更换电池有助于降低风险。不是所有 Pixel 4a 电池都受到影响，存在过热风险的电池使用了 LSN 标签。Pixel 4a 使用了两种锂电池，其中之一是 LSN，另一个是 ATL。LSN 可能指的是电池制造商力神（Lishen）。

A vulnerability classified as problematic was found in Cab Fare Calculator Plugin up to 1.1.6 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-3556. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Adobe Acrobat Reader up to 20.005.30636/24.002.20964/24.001.30123/24.002.20991. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-45107. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Trellix Intrusion Prevention System Manager 11.1.7.97. This issue affects some unknown processing of the component API. The manipulation leads to authentication bypass by primary weakness. The identification of this vulnerability is CVE-2024-5957. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in PHPGurukul Job Portal 1.0. Affected by this issue is some unknown functionality of the file /jobportal/process.php. The manipulation of the argument JOBID/USERNAME leads to cross site scripting. This vulnerability is handled as CVE-2024-8471. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in PHPGurukul Job Portal 1.0. This affects an unknown part of the file /jobportal/index.php. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8472. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in PHPGurukul Job Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file /jobportal/admin/login.php. The manipulation of the argument user_email leads to cross site scripting. This vulnerability was named CVE-2024-8473. The attack can be initiated remotely. There is no exploit available.

Application Security Engineer Tipalti | Israel | On-site – View job details As an Application Security Engineer, you will conduct application security assessments, including architecture design reviews and threat modeling. Act as a security advisor to cross-functional teams, including product, engineering, and others, to support secure software development. Design, build, and implement advanced application security solutions. Lead security audits, vulnerability assessments, and code reviews. CISO Datastream Digital | Brunei | On-site – View job details … More →

The post Cybersecurity jobs available right now: March 11, 2025 appeared first on Help Net Security.