Aggregator

A vulnerability has been found in WUZHI CMS 4.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file index.php?m=core&f=panel&v=edit_info. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2018-18711. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in WUZHI CMS 4.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file index.php?m=member&f=index&v=edit&uid=1. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2018-18712. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Jettison. It has been rated as critical. Affected by this issue is some unknown functionality of the component XML Parser. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2022-40149. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Oracle PeopleSoft Enterprise PeopleTools 8.58. This affects an unknown part of the component Security. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-40149. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle Access Manager 12.2.1.4.0. Affected is an unknown function of the component Build Scripts. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-40149. It is possible to launch the attack remotely. There is no exploit available.

Industry experts at RSAC 2025 called for urgent accountability in addressing technology's negative impact on youth, highlighting concerns about Internet anonymity, mental health, and the growing disconnect between generations.

A vulnerability has been found in GestiolP 3.5.7 and classified as problematic. Affected by this vulnerability is the function ip_do_job. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-50857. The attack can be launched remotely. Furthermore, there is an exploit available.

In short order, U.S. prosecutors won an extradition case to bring a suspect in multiple ransomware cases to the United States and had another in England move in their favor when the British judge paved the way for an alleged hacker hired by a lobbyist firm to target climate change activists involved in lawsuits against a big oil company.

The post U.S. Wins One, Maybe Two, Extradition Petitions in Unrelated Cases appeared first on Security Boulevard.

5 min readInstead of running static workflows, agents are building the system for you, deciding how to connect tools and take action on the fly.

The post Self-Assembling AI and the Security Gaps It Leaves Behind appeared first on Aembit.

The post Self-Assembling AI and the Security Gaps It Leaves Behind appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in DBSyncer 2.0.6. This affects an unknown part of the file /config/download of the component JSON File Parser. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-45237. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in misskey-dev misskey 2025.2.0-alpha.0. It has been rated as critical. Affected by this issue is the function UrlPreviewService/MkUrlPreview. The manipulation leads to information exposure through error message. This vulnerability is handled as CVE-2025-46340. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in open-webui OpenWebUI up to 0.6.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-46719. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in keystonejs keystone up to 6.4.x. It has been classified as problematic. Affected is an unknown function of the component GraphQL Schema Handler. The manipulation leads to information exposure through discrepancy. This vulnerability is traded as CVE-2025-46720. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HCL BigFix Compliance 2.0.12 and classified as problematic. This issue affects some unknown processing of the component Temporary File Handler. The manipulation leads to inclusion of sensitive information in test code. The identification of this vulnerability is CVE-2024-42213. The attack may be initiated remotely. There is no exploit available.

After stealing sensitive data from Disney, Ryan Mitchell Kramer claimed to be part of a Russian hacktivist group protecting artists' rights and ensuring they receive fair compensation for their work.

A vulnerability has been found in misskey and classified as critical. This vulnerability affects the function Mk:api. The manipulation leads to path traversal. This vulnerability was named CVE-2025-46559. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft warns about the security risks posed by default configurations in Kubernetes deployments, particularly those using out-of-the-box Helm charts, which could publicly expose sensitive data. [...]

A vulnerability, which was classified as very critical, was found in RVC-Project Retrieval-based-Voice-Conversion-WebUI up to 2.2.231006. This affects the function uvr of the file vr.py. The manipulation of the argument model_choose leads to deserialization. This vulnerability is uniquely identified as CVE-2025-43852. It is possible to initiate the attack remotely. There is no exploit available.