Aggregator

A vulnerability has been found in Plone up to 4.2.1 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Next leads to improper access controls. This vulnerability is known as CVE-2013-4200. The attack can be launched remotely. Furthermore, there is an exploit available.

Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt. Big firms take longer to fix pentest issues 94% of firms view pentesting as essential to their program. This captures the assurance role of pentesting and reflects the reality that‬ most breaches don’t occur because the victim had no defenses. Rather, the defenses they had‬ weren’t as solid as they thought.‬ ‭ It’s … More →

The post 94% of firms say pentesting is essential, but few are doing it right appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-04-15, 65 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Elias Ikkela-Koski' was reported to the affected vendor on: 2025-04-15, 10 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Synacktiv' was reported to the affected vendor on: 2025-04-15, 10 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam)' was reported to the affected vendor on: 2025-04-15, 10 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Evan Grant' was reported to the affected vendor on: 2025-04-15, 10 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Synacktiv' was reported to the affected vendor on: 2025-04-15, 10 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'hama7230' was reported to the affected vendor on: 2025-04-15, 10 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.8 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'PHP Hooligans' was reported to the affected vendor on: 2025-04-15, 10 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Viettel Cyber Security' was reported to the affected vendor on: 2025-04-15, 10 days ago. The vendor is given until 2025-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A vulnerability classified as problematic was found in ZoneMinder 1.24.0/1.24.1/1.24.2/1.24.3. This vulnerability affects unknown code. The manipulation of the argument action leads to path traversal. This vulnerability was named CVE-2013-0332. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

日本首相石破茂又整出了一出新戏码——计划2025年4月底访菲，力推签署《军事情报保护协定》（GSOMIA）。

在巴基斯坦荒芜的俾路支山区，一场无声的技术革命正在改变恐怖组织与政府军之间的力量对比。

A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks

A vulnerability classified as problematic was found in Envoy up to 1.30.9/1.31.5/1.32.3/1.33.0. Affected by this vulnerability is an unknown functionality of the component Websocket Handshake Handler. The manipulation leads to improper cleanup on thrown exception. This vulnerability is known as CVE-2025-30157. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.20/6.13.8 and classified as critical. This issue affects the function key_put of the component Global Variable Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-21893. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Flash Player up to 11.2.202.457/13.0.0.281/17.0.0.169 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2015-3088. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in GScripts DNS Tools. Affected by this vulnerability is an unknown functionality of the file dig.php. The manipulation of the argument host leads to improper input validation. This vulnerability is known as CVE-2009-1361. The attack can be launched remotely. Furthermore, there is an exploit available.