Aggregator

CVE-2025-46737 | Schweitzer Engineering Laboratories SEL-5037 Grid Configurator prior 6.4.0.58 origin validation (EUVD-2025-14304)

Vuldb Updates
4 months ago
A vulnerability classified as problematic has been found in Schweitzer Engineering Laboratories SEL-5037 Grid Configurator. This affects an unknown part. The manipulation leads to origin validation error. This vulnerability is uniquely identified as CVE-2025-46737. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-46738 | Schweitzer Engineering Laboratories SEL-5033 acSELerator RTAC Software 1.35.151.21000 Layout Data File deserialization (EUVD-2025-14299)

Vuldb Updates
4 months ago
A vulnerability was found in Schweitzer Engineering Laboratories SEL-5033 acSELerator RTAC Software 1.35.151.21000. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Layout Data File Handler. The manipulation leads to deserialization. This vulnerability is handled as CVE-2025-46738. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Evolution of Tycoon 2FA Defense Evasion Mechanisms: Analysis and Timeline

Anyrun
4 months ago

Attackers keep improving ways to avoid being caught, making it harder to detect and investigate their attacks. The Tycoon 2FA phishing kit is a clear example, as its creators regularly add new tricks to bypass detection systems.  In this study, we’ll take a closer look at how Tycoon 2FA’s anti-detection methods have changed over the […]

The post Evolution of Tycoon 2FA Defense Evasion Mechanisms: Analysis and Timeline appeared first on ANY.RUN's Cybersecurity Blog.

raptur3

CVE-2009-3694 | Jdtmmsm ezRecipe-Zee 91 config/config.php cfg[prePath] path traversal (EDB-10050 / XFDB-53696)

Vuldb Updates
4 months ago
A vulnerability classified as critical has been found in Jdtmmsm ezRecipe-Zee 91. This affects an unknown part of the file config/config.php. The manipulation of the argument cfg[prePath] leads to path traversal. This vulnerability is uniquely identified as CVE-2009-3694. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

785 nieuwe operationele wielvoertuigen voor Defensie

Defensie.nl - Nieuwsberichten
4 months ago
Defensie schaft 785 nieuwe operationele wielvoertuigen aan. Het gaat om wissellaadsystemen, trekkers voor trekker-opleggercombinaties en wielbergingsvoertuigen (WTB-voertuigen). Iveco Defence Vehicles SpA levert de 3 verschillende types. De eerste transportmiddelen komen over 2 jaar binnen, de laatste volgen in 2029. Dat meldt staatssecretaris Gijs Tuinman vandaag.

CVE-2025-4396 | Relevanssi Plugin up to 2.27.4/4.24.4 on WordPress Query Parameter sql injection (EUVD-2025-14360)

Vuldb Updates
4 months ago
A vulnerability has been found in Relevanssi Plugin up to 2.27.4/4.24.4 on WordPress and classified as critical. This vulnerability affects unknown code of the component Query Parameter Handler. The manipulation leads to sql injection. This vulnerability was named CVE-2025-4396. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-4473 | Frontend Dashboard Plugin up to 1.0/1.5.10/2.2.7 on WordPress ajax_request authorization (EUVD-2025-14372)

Vuldb Updates
4 months ago
A vulnerability was found in Frontend Dashboard Plugin up to 1.0/1.5.10/2.2.7 on WordPress. It has been rated as critical. This issue affects the function ajax_request. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2025-4473. The attack may be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-4474 | Frontend Dashboard Plugin up to 1.0/2.2.7 on WordPress fed_admin_setting_form_function authorization (EUVD-2025-14368)

Vuldb Updates
4 months ago
A vulnerability classified as critical has been found in Frontend Dashboard Plugin up to 1.0/2.2.7 on WordPress. Affected is the function fed_admin_setting_form_function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-4474. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-43010 | SAP S4HANA/S4HANA Cloud Private Edition up to 714 SCM Master Data Layer code injection (EUVD-2025-14339)

Vuldb Updates
4 months ago
A vulnerability was found in SAP S4HANA and S4HANA Cloud Private Edition up to 714 and classified as critical. Affected by this issue is some unknown functionality of the component SCM Master Data Layer. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-43010. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-43009 | SAP Service Parts Management up to SAP_APPL 600 SPM authorization (EUVD-2025-14340)

Vuldb Updates
4 months ago
A vulnerability, which was classified as critical, has been found in SAP Service Parts Management up to SAP_APPL 600. Affected by this issue is some unknown functionality of the component SPM. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2025-43009. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-43011 | SAP Landscape Transformation up to S4CORE 102 PCL Basis Module authorization (EUVD-2025-14338)

Vuldb Updates
4 months ago
A vulnerability, which was classified as problematic, was found in SAP Landscape Transformation up to S4CORE 102. This affects an unknown part of the component PCL Basis Module. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-43011. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-4632 | Samsung Electronics MagicINFO 9 Server 21.1050 path traversal (EUVD-2025-14362)

Vuldb Updates
4 months ago
A vulnerability, which was classified as critical, has been found in Samsung Electronics MagicINFO 9 Server 21.1050. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-4632. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-22249 | VMware Aria Automation up to 8.18.1 Patch 1 URL cross site scripting (EUVD-2025-14367)

Vuldb Updates
4 months ago
A vulnerability classified as problematic was found in VMware Aria Automation, Cloud Foundation and Telco Cloud Platform up to 8.18.1 Patch 1. This vulnerability affects unknown code of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-22249. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Managed ad