Aggregator

A vulnerability was found in Educare ERP 1.0 2025-04-22. It has been rated as critical. This issue affects some unknown processing of the component Endpoint. This manipulation causes improper authorization. The identification of this vulnerability is CVE-2025-60982. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Rocket TRUfusion Enterprise up to 7.10.4.0. It has been declared as problematic. This vulnerability affects unknown code of the file /trufusionPortal/jsp/internal_admin_contact_login.jsp of the component Endpoint. The manipulation results in information disclosure. This vulnerability was named CVE-2025-27225. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Liferay Portal and DXP. It has been classified as critical. This affects an unknown part of the component API. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2025-62259. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Liferay Portal and DXP and classified as problematic. Affected by this issue is some unknown functionality of the component Headless API. Executing manipulation can lead to resource consumption. This vulnerability is handled as CVE-2025-62260. The attack can be executed remotely. There is not any exploit available.

A vulnerability has been found in THM-Health PILOS up to 4.7.x and classified as critical. Affected by this vulnerability is an unknown functionality. Performing manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability is known as CVE-2025-62523. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in BAE SOCET GXP 4.6.0.2. Affected is an unknown function of the component XML File Handler. Such manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-54967. The attack may be launched remotely. Furthermore, there is an exploit available. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in IBM QRadar SIEM up to 7.5.0 UP13 IF02. This impacts an unknown function of the component Web UI. This manipulation causes cross site scripting. This vulnerability appears as CVE-2025-36170. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in IBM QRadar SIEM up to 7.5.0 UP13 IF02. This affects an unknown function. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-36138. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in turbo-tenant-internal-property landlord-onboard-rental-signup up to 2.0.0. The impacted element is an unknown function of the component API. The manipulation leads to information disclosure. This vulnerability is documented as CVE-2025-62516. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in tlocke pg8000 1.31.4. The affected element is the function pg8000.native.literal. Executing manipulation can lead to sql injection. This vulnerability is registered as CVE-2025-61385. It is possible to launch the attack remotely. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability marked as problematic has been reported in THM-Health PILOS up to 4.7.x. Impacted is an unknown function of the component HTTP Header Handler. Performing manipulation of the argument X-Powered-By results in information disclosure. This vulnerability is cataloged as CVE-2025-62524. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Apache Tomcat up to 8.4.x/8.5.100/9.0.108/10.1.44/11.0.10 on Windows. This issue affects some unknown processing. Such manipulation leads to improper neutralization of escape, meta, or control sequences. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is listed as CVE-2025-55754. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in Apache Tomcat up to 8.4.x/8.5.100/9.0.109/10.1.46/11.0.11. This vulnerability affects unknown code of the component Cleaning. This manipulation causes denial of service. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2025-61795. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Apache Tomcat up to 8.4.x/8.5.100/9.0.108/10.1.44/11.0.10. This affects an unknown part of the file /WEB-INF/ of the component Query Parameter Handler. The manipulation results in relative path traversal. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2025-55752. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

The post Ghosts of Incidents Past: Exorcise Threats with Hero AI appeared first on AI Security Automation.

The post Ghosts of Incidents Past: Exorcise Threats with Hero AI appeared first on Security Boulevard.

Serverless architectures have fundamentally altered the cybersecurity landscape, creating attack vectors that traditional security models cannot address. After…

How Secure Are Your Non-Human Identities in the Cloud? Where technology continuously evolves, how confident are you in your Non-Human Identities (NHIs) within cloud environments? These NHIs, essentially machine identities, serve as critical components in modern cybersecurity frameworks. Their management is pivotal for securing sensitive assets and ensuring operational integrity across various sectors. From financial […]

The post Innovative Strategies for NHI Security appeared first on Entro.

The post Innovative Strategies for NHI Security appeared first on Security Boulevard.

How Do Non-Human Identities Transform Security for Organizations? Where increasingly driven by technology, how do organizations ensure the safety of their digital environments? The answer lies in Non-Human Identities (NHIs) and Secrets Security Management. While many are familiar with traditional identity and access management for human users, account for machine or non-human identities pivotal to […]

The post Assured Compliance Through Effective IAM appeared first on Entro.

The post Assured Compliance Through Effective IAM appeared first on Security Boulevard.

Can Your Organization Afford to Overlook Non-Human Identities in Cybersecurity? Non-Human Identities (NHIs) are quickly becoming pivotal in cybersecurity. But what exactly are NHIs, and why should businesses prioritize their management? NHIs, essentially machine identities, are made up of encrypted passwords, tokens, or keys that act as unique identifiers. These identifiers, much like passports, are […]

The post Secrets Security That Delivers Business Value appeared first on Entro.

The post Secrets Security That Delivers Business Value appeared first on Security Boulevard.

A Morocco-based gift card fraud campaign is a sign of what retailers can expect this holiday season.