Aggregator

A vulnerability classified as critical was found in Dassault Systèmes SOLIDWORKS eDrawings up to 2025. This affects an unknown function of the component JT File Parser. The manipulation results in use of uninitialized variable. This vulnerability was named CVE-2025-9450. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as critical has been found in Dassault Systèmes SOLIDWORKS eDrawings up to 2025. The impacted element is an unknown function of the component PAR File Parser. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-9449. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability described as problematic has been identified in Dassault Systèmes SOLIDWORKS eDrawings up to 2025. The affected element is an unknown function of the component PAR File Parser. Executing manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2025-9447. The attack can be executed remotely. There is not any exploit available.

A vulnerability marked as critical has been reported in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the file login.php. Performing manipulation of the argument user_email results in sql injection. This vulnerability is known as CVE-2025-10599. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

American First Finance, LLC, a Dallas-based financial services firm, suffered a significant insider breach when a recently terminated employee exploited unauthorized access to its production database.  The incident, dubbed the FinWise insider breach, resulted in the exfiltration of sensitive customer records nearly 689,000 names, Social Security numbers, and other personal identifiers via direct SQL queries […]

The post FinWise Insider Breach Exposes 700K Customer Records to Former Employee appeared first on Cyber Security News.

Submit #649501 / VDB-324616

Новая система обновлений вызывает споры в IT-сообществе.

A vulnerability labeled as critical has been found in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/search_product.php. Such manipulation of the argument group_id leads to sql injection. This vulnerability is traded as CVE-2025-10598. The attack may be launched remotely. Furthermore, there is an exploit available.

ManageEngine unveiled that its security information and event management (SIEM) solution, Log360, has been strengthened with a reengineered threat detection approach, in a major enhancement aimed at addressing the needs of security operations center (SOC) teams. Over 60% of SOC teams are overwhelmed with irrelevant threat data, of which a majority (53%) of cloud security alerts can be considered noise, according to the 2025 Threat Intelligence Benchmark study commissioned by Google. ManageEngine’s latest release bolsters … More →

The post ManageEngine enhances Log360 to reduce alert fatigue for SOC teams appeared first on Help Net Security.

ブラザー工業株式会社およびそのOEMベンダーが提供する複数の製品では、初期設定における管理者パスワードは製品のシリアル番号から容易に導出可能です。

A vulnerability identified as critical has been detected in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This vulnerability affects unknown code of the file /Profilers/PriProfile/COUNT2.php. This manipulation of the argument cname causes sql injection. This vulnerability appears as CVE-2025-10597. The attack may be initiated remotely. There is no available exploit. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

大模型安全避坑指南

A vulnerability categorized as critical has been discovered in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument usn results in sql injection. This vulnerability is reported as CVE-2025-10596. The attack can be launched remotely. Moreover, an exploit is present.

A critical vulnerability in Windows Boot Manager, known as bitpixie, enables attackers to bypass BitLocker drive encryption and escalate local privileges on Windows systems.  The vulnerability affects boot managers from 2005 to 2022 and can still be exploited on updated systems through downgrade attacks, posing significant risks to enterprise security. Key Takeaways1. Bitpixie lets attackers bypass BitLocker […]

The post Hackers Can Exploit Bitpixie Vulnerability to Bypass BitLocker Encryption and Escalate Privileges appeared first on Cyber Security News.

A vulnerability categorized as critical has been discovered in ABB 2.4 Display 55, 2.4 Display 63, RoomTouch 4 and BCU KNX. This affects an unknown function of the component KNX Bus-System. The manipulation results in improper access controls. This vulnerability was named CVE-2024-4008. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability identified as critical has been detected in zephyrproject-rtos Zephyr up to 3.6. This vulnerability affects the function adv_ext_report of the component HCI. This manipulation causes heap-based buffer overflow. The identification of this vulnerability is CVE-2024-6259. The attack needs to be done within the local network. There is no exploit available.

A vulnerability marked as critical has been reported in zephyrproject-rtos Zephyr up to 3.6. Impacted is the function rfcomm_handle_data of the component BT. Performing manipulation of the argument net_buf results in heap-based buffer overflow. This vulnerability is identified as CVE-2024-6258. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability described as critical has been identified in zephyrproject-rtos Zephyr up to 3.6. The affected element is the function get_att_search_list of the component BT. Executing manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2024-6137. The attack is only possible within the local network. No exploit exists.

A vulnerability classified as critical was found in zephyrproject-rtos Zephyr up to 3.6. This affects the function bap_broadcast_assistant of the component BT. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2024-5931. The attack must originate from the local network. There is no exploit available.