Aggregator

A vulnerability classified as critical was found in Oracle Knowledge up to 8.6.3. Affected by this vulnerability is an unknown functionality of the component Web Applications. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2017-14735. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The healthcare sector has emerged as a prime target for cyber attackers, driven by the increasing reliance on cloud applications and the rapid integration of generative AI (genAI) tools into organizational workflows. According to the Netskope Threat Labs Report for Healthcare 2025, cybercriminals are exploiting trusted platforms like GitHub, with 13% of healthcare organizations experiencing […]

The post Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2024-6047 GeoVision Devices OS Command Injection Vulnerability
• CVE-2024-11120 GeoVision Devices OS Command Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

A vulnerability classified as problematic has been found in Red Hat Enterprise Linux 7/8/9. Affected is an unknown function of the component mod_auth_openidc. The manipulation leads to uncaught exception. This vulnerability is traded as CVE-2025-3891. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in TCMAN GIM 11 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-40625. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in TomatoCart 1.2.0. It has been classified as problematic. Affected is an unknown function of the file json.php. The manipulation of the argument module leads to path traversal. This vulnerability is traded as CVE-2012-5907. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Oracle MySQL Enterprise Monitor up to 8.0.18.1217/4.0.11.5331. This affects an unknown part of the component Service Manager. The manipulation leads to session fixiation. This vulnerability is uniquely identified as CVE-2019-17563. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Cluster up to 7.3.28/7.4.27/7.5.17/7.6.13/8.0.19 and classified as critical. Affected by this issue is some unknown functionality of the component Cluster: General. The manipulation leads to denial of service. This vulnerability is handled as CVE-2020-2768. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle MySQL Connectors up to 8.0.19/5.1.48. Affected by this vulnerability is an unknown functionality of the component Connector/J. The manipulation leads to denial of service. This vulnerability is known as CVE-2020-2934. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Connectors up to 8.0.14/5.1.48. It has been rated as critical. Affected by this issue is some unknown functionality of the component Connector/J. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2020-2875. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle PeopleSoft Enterprise PeopleTools 8.56/8.57/8.58. Affected by this vulnerability is an unknown functionality of the component Query. The manipulation leads to denial of service. This vulnerability is known as CVE-2020-2782. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle PeopleSoft Enterprise HRMS 9.2. This affects an unknown part of the component Candidate Gateway. The manipulation leads to an unknown weakness. This vulnerability is uniquely identified as CVE-2020-2954. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle PeopleSoft Enterprise PeopleTools 8.56/8.57/8.58 and classified as critical. This vulnerability affects unknown code of the component Diagnostic Framework. The manipulation leads to an unknown weakness. This vulnerability was named CVE-2020-2868. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling unauthenticated attackers to execute remote commands by exploiting several pre-auth XML External Entity (XXE) injection flaws. The vulnerabilities, registered as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, highlight systemic risks in widely-used IT Service Management platforms. SysAid ITSM On-Premise Plagued by Pre-Auth XXE […]

The post SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in RobTex Viking Server up to 1.07-381 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to path traversal. This vulnerability is known as CVE-2001-0467. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Sphider 1.3.6. It has been declared as critical. This vulnerability affects unknown code. The manipulation of the argument _word_upper_bound leads to code injection. This vulnerability was named CVE-2014-5194. The attack can be initiated remotely. Furthermore, there is an exploit available.

2025年网络空间安全学术会议征文通知

2025年网络空间安全学术会议征文通知

Cybersecurity researchers have disclosed multiple security flaw in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and CVE-2025-2777, have all been described as XML External Entity (XXE) injections, which occur when an attacker is

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert warning critical infrastructure operators-particularly those in the oil and natural gas sector-of emerging cyber threats targeting Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) networks. The agency reports that, in recent months, unsophisticated cyber actors have increasingly attempted to infiltrate […]

The post CISA Warns of Cyber Threats to Oil and Gas SCADA and ICS Networks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.