Aggregator

在过去几个月的时间里此类攻击骤升

Bitsight reveals that UK companies are more exposed to cyber risk than global peers via their digital supply chains

Биржа закрывает лазейку для отмывания миллионов группы Lazarus.

Security researchers have publicly released a proof-of-concept (PoC) exploit for CVE-2024-36904, a critical use-after-free vulnerability in the Linux kernel that has remained undetected for seven years.  The vulnerability, which affects the TCP subsystem, could potentially allow attackers to execute remote code with kernel privileges. Use-after-free Linux Kernel Vulnerability The flaw stems from a race condition […]

The post PoC Exploit Released for Use-after-free Linux Kernel Vulnerability appeared first on Cyber Security News.

Attackers increasingly leverage AI-powered exploitation and can quickly identify vulnerable systems, infiltrate networks unnoticed and move laterally to compromise critical assets.

The post The Future of Enterprise Security: AI-powered Lateral Defense in a Dynamic Threat Landscape appeared first on Security Boulevard.

A vulnerability classified as problematic has been found in Dromara ujcms 9.7.5. This affects the function update of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileTemplateController.java of the component Edit Template File Page. The manipulation leads to Cross site scripting. This vulnerability is uniquely identified as CVE-2025-2491. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Currently trending CVE - Hype Score: 1 - An issue was discovered in Percona PMM Server (OVA) before 3.0.0-1.ova. The default service account credentials can lead to SSH access, use of Sudo to root, and sensitive data exposure. This is fixed in PMM2 2.42.0-1.ova, 2.43.0-1.ova, 2.43.1-1.ova, 2.43.2-1.ova, and ...

Currently trending CVE - Hype Score: 1 - The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.

Currently trending CVE - Hype Score: 1 - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into ...

Currently trending CVE - Hype Score: 1 - The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the ...

Currently trending CVE - Hype Score: 1 - The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.

A vulnerability was found in Dromara ujcms 9.7.5. It has been rated as problematic. Affected by this issue is the function uploadZip/upload of the file /main/java/com/ujcms/cms/ext/web/backendapi/WebFileUploadController.java of the component File Upload. The manipulation leads to Cross site scripting. This vulnerability is handled as CVE-2025-2490. The attack may be launched remotely. Furthermore, there is an exploit available.

本文中主要集中在hutool这一常用组件中，在动态代理以及JDBC attack这两个角度在利用过程中可能存在的一部分链子。

Submit #517269 / VDB-299997

Submit #517268 / VDB-299996

Submit #517267 / VDB-299996

A vulnerability was found in MongoDB libbson and Server. It has been declared as critical. Affected by this vulnerability is the function bson_append functions. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-0755. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Fuji Soft +F FS010M. It has been classified as critical. Affected is an unknown function. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-25220. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Fuji Soft +F FS010M and classified as critical. This issue affects some unknown processing. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2025-24306. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Неизвестные превратили бренд в символ протеста.