Aggregator

A vulnerability was found in SeaCMS 13.3 and classified as critical. This issue affects some unknown processing of the file admin_manager.php. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-44072. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in yhirose cpp-httplib up to 0.20.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to resource consumption. This vulnerability was named CVE-2025-46728. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Discourse up to 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-46813. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in SeaCMS 13.3. Affected by this issue is some unknown functionality of the file phomebak.php. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-44071. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.1. Affected by this vulnerability is an unknown functionality of the component Automatic Client Rerouting. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2025-1000. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.1. Affected is an unknown function of the component Configuration Handler. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-0915. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Механизмы безопасности неожиданно начали работать против пользователей.

Most attacks don’t start with malware; they begin with a message that seems completely normal, whether it comes through email, a phone call, or a chat, and that is exactly what makes them so effective. These threats rely on psychological manipulation to bypass people, not firewalls. Pressure is applied, authority is faked, and communication is mimicked. Social engineering threats account for most cyberthreats faced by individuals in 2024, according to Avast. Some people are easier … More →

The post How cybercriminals exploit psychological triggers in social engineering attacks appeared first on Help Net Security.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 72 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 72 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.5 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'PHP Hooligans / Midnight Blue' was reported to the affected vendor on: 2025-05-06, 91 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 72 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 72 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kentaro Kawane of GMO Cybersecurity by Ierae' was reported to the affected vendor on: 2025-05-06, 72 days ago. The vendor is given until 2025-09-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

超越AI，寻找驱动安全运营平台技术架构演进的原动力：数据和流程！

超越AI，寻找驱动安全运营平台技术架构演进的原动力：数据和流程！

In this Help Net Security video, Joshua McKenty, CEO of Polyguard, talks about how to protect yourself from deepfake and AI threats, which are getting harder to spot and easier to launch. Attackers can clone your voice or face, steal your data, or trick you into bad decisions. Simple steps like using multi-factor authentication, a password manager, and modern email security can make a big difference. Everyone is a target now, not just CEOs.

The post Key tips to stay safe from deepfake and AI threats appeared first on Help Net Security.

A recently disclosed critical security flaw impacting the open-source Langflow platform has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-3248, carries a CVSS score of 9.8 out of a maximum of 10.0. "Langflow contains a missing

A vulnerability classified as problematic has been found in Google Tensorflow up to 2.5.2/2.6.2/2.7.0. This affects the function Bincount. The manipulation of the argument in leads to denial of service. This vulnerability is uniquely identified as CVE-2022-21737. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Google Tensorflow up to 2.5.2/2.6.2/2.7.0. This vulnerability affects unknown code. The manipulation leads to reachable assertion. This vulnerability was named CVE-2022-23569. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.