Aggregator

CVE-2025-48514 | AMD EPYC 9004 Processors SEV Firmware insufficient granularity of access control (Nessus ID 298583)

Vuldb Updates
1 month 3 weeks ago
A vulnerability labeled as problematic has been found in AMD EPYC 9004 Processors, EPYC 7003 Processors, EPYC 9005 Processors, EPYC 8004 Processors, EPYC Embedded 7003 Processors, EPYC Embedded 9004 Processors, EPYC Embedded 9005 Processors and EPYC Embedded 8004 Processors. Affected by this issue is some unknown functionality of the component SEV Firmware. The manipulation results in insufficient granularity of access control. This vulnerability is known as CVE-2025-48514. Attacking locally is a requirement. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2025-52536 | AMD EPYC 9004 Processors SEV Firmware improper prevention of lock bit modification (Nessus ID 298584)

Vuldb Updates
1 month 3 weeks ago
A vulnerability marked as problematic has been reported in AMD EPYC 9004 Processors, EPYC 7003 Processors, EPYC 9005 Processors, EPYC 8004 Processors, EPYC Embedded 7003 Processors, EPYC Embedded 9004 Processors, EPYC Embedded 9005 Processors and EPYC Embedded 8004 Processors. Impacted is an unknown function of the component SEV Firmware. Performing a manipulation results in improper prevention of lock bit modification. This vulnerability is known as CVE-2025-52536. Attacking locally is a requirement. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-25506 | dun munge up to 0.5.17 Message length out-of-bounds write (Nessus ID 298586)

Vuldb Updates
1 month 3 weeks ago
A vulnerability, which was classified as critical, has been found in dun munge up to 0.5.17. Affected by this vulnerability is an unknown functionality of the component Message Handler. This manipulation of the argument length causes out-of-bounds write. This vulnerability is tracked as CVE-2026-25506. The attack is restricted to local execution. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

Akira

Dark Feed IO
1 month 3 weeks ago

You must login to view this content

cohenido

Qilin

Dark Feed IO
1 month 3 weeks ago

You must login to view this content

cohenido

CVE-2026-25530 | Kanboard up to 1.2.49 getSwimlane API authorization (GHSA-6rxw-vvvj-r93q / Nessus ID 298597)

Vuldb Updates
1 month 3 weeks ago
A vulnerability described as problematic has been identified in Kanboard up to 1.2.49. This affects an unknown function of the component getSwimlane API. The manipulation results in authorization bypass. This vulnerability is known as CVE-2026-25530. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-0965 | libssh Configuration File ssh_config_parse_file/ssh_bind_config_parse_file denial of service (Nessus ID 298598)

Vuldb Updates
1 month 3 weeks ago
A vulnerability, which was classified as problematic, was found in libssh. Impacted is the function ssh_config_parse_file/ssh_bind_config_parse_file of the component Configuration File Handler. The manipulation results in denial of service. This vulnerability was named CVE-2026-0965. The attack needs to be approached locally. There is no available exploit.
vuldb.com

CVE-2026-1703 | Python Packaging Authority pip up to 25.x Wheel Archive path traversal (EUVD-2026-5106 / Nessus ID 298602)

Vuldb Updates
1 month 3 weeks ago
A vulnerability categorized as critical has been discovered in Python Packaging Authority pip up to 25.x. This affects an unknown function of the component Wheel Archive Handler. Such manipulation leads to path traversal. This vulnerability is documented as CVE-2026-1703. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

The Hackers News
1 month 3 weeks ago
Cybersecurity researchers have discovered what they said is the first known malicious Microsoft Outlook add-in detected in the wild. In this unusual supply chain attack detailed by Koi Security, an unknown attacker claimed the domain associated with a now-abandoned legitimate add-in to serve a fake Microsoft login page, stealing over 4,000 credentials in the process. The activity has been
The Hacker News

Massive Spike in Attacks Exploiting Ivanti EPMM Systems 0-day Vulnerability

Cyber Security News
1 month 3 weeks ago

An unprecedented surge in exploitation attempts targeting CVE-2026-1281, a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM). On February 9, 2026, Shadowserver scans revealed over 28,300 unique source IP addresses attempting to exploit the flaw, marking one of the largest coordinated attack campaigns observed against enterprise mobile management infrastructure this year. CVE-2026-1281 is a pre-authentication […]

The post Massive Spike in Attacks Exploiting Ivanti EPMM Systems 0-day Vulnerability appeared first on Cyber Security News.

Guru Baran

Proactive strategies for cyber resilience with Wazuh

Bleeping Computer.
1 month 3 weeks ago
Cyber resilience means anticipating threats, detecting them early, and recovering fast when incidents occur. Wazuh shows how its open source SIEM and XDR unify visibility, detection, and automated response to strengthen proactive defense. [...]
Sponsored by Wazuh

Managed ad