Aggregator

A vulnerability was found in M-Files Server up to 24.10. It has been declared as very critical. This vulnerability affects unknown code of the component OpenLDAP Authentication Handler. Executing manipulation can lead to incorrect implementation of authentication algorithm. This vulnerability appears as CVE-2024-10127. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in argoproj argo-workflows up to 3.5.12/3.6.1. Affected by this issue is some unknown functionality of the file /api/v1/workflows/{namespace}/{name} of the component GET Workflow Endpoint. The manipulation results in information disclosure. This vulnerability is known as CVE-2024-53862. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability described as critical has been identified in Siemens Parasolid. This issue affects some unknown processing of the component PAR File Handler. The manipulation results in out-of-bounds write. This vulnerability is cataloged as CVE-2024-54091. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, was found in Chatwoot up to 3.15.x. This impacts the function query_operator of the component API. Executing manipulation can lead to sql injection. This vulnerability is tracked as CVE-2025-21628. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in Scontain SCONE 5.8.0. This impacts an unknown function of the component Signal Handler. The manipulation leads to injection. This vulnerability is listed as CVE-2024-29971. The attack must be carried out from within the local network. In addition, an exploit is available.

A vulnerability labeled as critical has been found in zephyrproject-rtos Zephyr up to 3.7. The affected element is the function http_server_get_content_type_from_extension. Executing manipulation can lead to buffer under-read. This vulnerability appears as CVE-2024-10395. The attack may be performed from remote. There is no available exploit.

A vulnerability has been found in Salesforce Tableau Server up to 2022.1.2 and classified as problematic. This vulnerability affects unknown code of the component Personal Access Token Handler. This manipulation causes cleartext storage of sensitive information. This vulnerability is registered as CVE-2025-26495. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

A vulnerability described as critical has been identified in HCL Leap up to 9.3.7. Affected by this vulnerability is an unknown functionality of the component Import Handler. The manipulation results in improper access controls. This vulnerability was named CVE-2024-30148. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.8. This affects the function page_pool_release_retry of the component fec. Performing manipulation results in improper update of reference count. This vulnerability was named CVE-2023-52998. The attack needs to be approached within the local network. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in nopCommerce up to 4.79.x. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes race condition. This vulnerability appears as CVE-2024-58248. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been declared as problematic. This issue affects the function HWS_SET32 of the component mlx5. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-21800. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Tel Aviv, Israel, 29th October 2025, CyberNewsWire

在这场向任何人开放的基于开源数 据得出结论的竞赛中，保护无辜平民的权利并建立一些关于如何合乎道德地使用OSI-NT的指导方针是至关重要的 。

GlobalCVE是一个开源的全球漏洞情报统一枢纽（Unified Vulnerability Search），旨在为安全研究人员、开发者和社区提供清晰、协作且无付费墙的漏洞情报视图。 它聚合了来自多个全球来源的 CVE（Common Vulnerabilities & Exposures）数据，包括 NVD（美国国家漏洞数据库）、MITRE、CNNVD（中国国家信息安全漏洞数据库）、JVN（日本漏洞笔记）、CERT-FR（法国计算机应急响应团队）等图五。通过这些来源的整合，它提供了一个跨边界的、统一的漏洞情报视图，避免了供应商锁定和数据孤岛。主要功能与特色 统一 CVE 搜索与可视化：支持从多个来源搜索和浏览 CVE 漏洞，提供去重视图，并通过自定义徽章标注数据来源，确保透明度和归属。 优点：可视化、支持产品反查。 API 集成：提供免费的公共 API图4，便于自动化和集成到其他工具中，支持服务器less架构以实现可扩展性。#开源情报网站分享计划 网站（往下拉到底直接搜索即可）图2图3： https://globalcve[.]xyz/

A new open-source tool called HikvisionExploiter has emerged, designed to automate attacks on vulnerable Hikvision IP cameras. Released on GitHub in mid-2024 but gaining renewed attention amid 2025’s surge in camera exploits, this Python-based utility targets unauthenticated endpoints in cameras running outdated firmware, such as version 3.1.3.150324. Developed for researchers and red teamers, it streamlines […]

The post Hikvision Exploiter – An Automated Exploitation Toolkit Targeting Hikvision IP Cameras appeared first on Cyber Security News.

Peter Williams，39岁，澳大利亚国籍，现居美国华盛顿特区，是网络安全与情报领域的资深从业者。

Bringing frictionless implementation [Progressive Segmentation™ and EDR integration] and rapid value realization to an award-winning and peer-recognized technology platform demystifies, simplifies, and makes it extremely easy for our customers to achieve cyber resilience. As a student of innovation and technology, I’ve seen time and again that raw technological prowess alone rarely sparks widespread adoption. The […]

The post Cybersecurity Awareness Month 2025: Customer-Centric Innovation from ColorTokens appeared first on ColorTokens.

The post Cybersecurity Awareness Month 2025: Customer-Centric Innovation from ColorTokens appeared first on Security Boulevard.

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report