Aggregator

CVE-2025-27233 | Zabbix Agent 2 smartctl Plugin up to 6.0.39/7.0.10/7.2.4 Parameter smart.disk.get command injection (WID-SEC-2025-2042)

VulDB Recent Entries
5 months ago
A vulnerability, which was classified as critical, was found in Zabbix Agent 2 smartctl Plugin up to 6.0.39/7.0.10/7.2.4. This vulnerability affects unknown code of the component Parameter Handler. The manipulation of the argument smart.disk.get results in command injection. This vulnerability is identified as CVE-2025-27233. The attack can only be performed from the local network. There is not any exploit available.
vuldb.com

CVE-2025-27234 | Zabbix Agent 2 smartctl Plugin up to 5.0.46 Parameter smart.disk.get os command injection (EUVD-2025-29036 / WID-SEC-2025-2042)

VulDB Recent Entries
5 months ago
A vulnerability, which was classified as critical, has been found in Zabbix Agent 2 smartctl Plugin up to 5.0.46. This affects an unknown part of the file smart.disk.get of the component Parameter Handler. The manipulation leads to os command injection. This vulnerability is referenced as CVE-2025-27234. The attack needs to be initiated within the local network. No exploit is available.
vuldb.com

CVE-2025-8699 | KioSoft Stored Value Unattended Payment Solution sensitive information

VulDB Recent Entries
5 months ago
A vulnerability classified as problematic was found in KioSoft Stored Value Unattended Payment Solution. Affected by this issue is some unknown functionality. Executing manipulation can lead to insecure storage of sensitive information. The identification of this vulnerability is CVE-2025-8699. The attack needs to be done within the local network. There is no exploit available.
vuldb.com

CVE-2025-10267 | NewType Infortech NUP Portal up to SP5.0 File Extension missing authentication (EUVD-2025-29037)

VulDB Recent Entries
5 months ago
A vulnerability classified as critical has been found in NewType Infortech NUP Portal up to SP5.0. Affected by this vulnerability is an unknown functionality of the component File Extension Handler. Performing manipulation results in missing authentication. This vulnerability was named CVE-2025-10267. The attack may be initiated remotely. There is no available exploit.
vuldb.com

CVE-2025-10264 | Digiever DS-1200 exposure of sensitive system information to an unauthorized control sphere (EUVD-2025-29031)

VulDB Recent Entries
5 months ago
A vulnerability described as problematic has been identified in Digiever DS-1200, DS-2100 Pro, DS-2100 Pro+, DS-2100 UHD, DS-2200 UHD, DS-2200 UHD+, DS-4200 Pro, DS-4200 Pro+, DS-4200 UHD, DS-4200 UHD+, DS-4100-RM, DS-4200-RM Pro+, DS-4200-RM UHD, DS-8x00-RM Pro+, DS-8x00-SRM Pro+, DS-8x00-RM UHD, DS-16x00-RM Pro+ and DS-16x00-RM UHD. Affected is an unknown function. Such manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is uniquely identified as CVE-2025-10264. The attack can be launched remotely. No exploit exists.
vuldb.com

EvilAI: Leveraging AI to Steal Browser Data and Evade Detection

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
5 months ago

EvilAI, a new malware family tracked by Trend™ Research, has emerged in recent weeks disguised as legitimate AI-driven utilities. These trojans sport professional user interfaces, valid code signatures, and functional features, allowing them to slip past both corporate and personal defenses undetected. Leveraging lightweight installers and AI-generated code, EvilAI rapidly establishes persistent footholds while masquerading […]

The post EvilAI: Leveraging AI to Steal Browser Data and Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

CVE-2025-10265 | Digiever DS-1200 os command injection (EUVD-2025-29039)

VulDB Recent Entries
5 months ago
A vulnerability labeled as critical has been found in Digiever DS-1200, DS-2100 Pro, DS-2100 Pro+, DS-2100 UHD, DS-2200 UHD, DS-2200 UHD+, DS-4200 Pro, DS-4200 Pro+, DS-4200 UHD, DS-4200 UHD+, DS-4100-RM, DS-4200-RM Pro+, DS-4200-RM UHD, DS-8x00-RM Pro+, DS-8x00-SRM Pro+, DS-8x00-RM UHD, DS-16x00-RM Pro+ and DS-16x00-RM UHD. This affects an unknown function. The manipulation results in os command injection. This vulnerability is known as CVE-2025-10265. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2025-6638 | huggingface transformers up to 4.52.x MarianTokenizer remove_language_code redos

VulDB Recent Entries
5 months ago
A vulnerability identified as problematic has been detected in huggingface transformers up to 4.52.x. The impacted element is the function remove_language_code of the component MarianTokenizer. The manipulation leads to inefficient regular expression complexity. This vulnerability is traded as CVE-2025-6638. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CISA looks to partners to shore up the future of the CVE Program

Help Net Security
5 months ago

The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we want to outpace and outmaneuver our adversaries, we must first ensure that defenders everywhere are operating from the same map. That’s what the CVE Program provides: a common lexicon of real, exploitable vulnerabilities,” Nick Andersen, Executive Assistant Director for Cybersecurity, stated on Thursday. “CISA has been – and will remain – committed … More →

The post CISA looks to partners to shore up the future of the CVE Program appeared first on Help Net Security.

Zeljka Zorz

CVE-2025-21701 | Linux Kernel up to 6.6.75/6.12.12/6.13.1 kernel/locking/mutex.c information disclosure (Nessus ID 233595 / WID-SEC-2025-0378)

Vuldb Updates
5 months ago
A vulnerability described as problematic has been identified in Linux Kernel up to 6.6.75/6.12.12/6.13.1. Affected is an unknown function of the file kernel/locking/mutex.c. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2025-21701. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-21700 | Linux Kernel up to 6.6.75/6.12.12/6.13.1 use after free (Nessus ID 232209 / WID-SEC-2025-0378)

Vuldb Updates
5 months ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.6.75/6.12.12/6.13.1. This vulnerability affects unknown code. This manipulation causes use after free. This vulnerability is registered as CVE-2025-21700. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-5994 | NLnet Labs Unbound up to 1.22.x DNS Transaction ID acceptance of extraneous untrusted data with trusted data (EUVD-2025-21730 / Nessus ID 242937)

Vuldb Updates
5 months ago
A vulnerability, which was classified as problematic, has been found in NLnet Labs Unbound up to 1.22.x. This issue affects some unknown processing of the component DNS Transaction ID Handler. This manipulation causes acceptance of extraneous untrusted data with trusted data. The identification of this vulnerability is CVE-2025-5994. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-21759 | Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc2 mcast igmp6_send allocation of resources (Nessus ID 234058 / WID-SEC-2025-2043)

Vuldb Updates
5 months ago
A vulnerability categorized as problematic has been discovered in Linux Kernel up to 6.6.78/6.12.15/6.13.3/6.14-rc2. Affected by this vulnerability is the function igmp6_send of the component mcast. Such manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-21759. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2023-49083 | pyca cryptography 41.0.2 PKCS7 Certificate null pointer dereference (Nessus ID 209185 / WID-SEC-2025-2043)

Vuldb Updates
5 months ago
A vulnerability, which was classified as problematic, has been found in pyca cryptography 41.0.2. Affected by this vulnerability is an unknown functionality of the component PKCS7 Certificate Handler. Performing manipulation results in null pointer dereference. This vulnerability is known as CVE-2023-49083. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

Managed ad