Aggregator

A vulnerability classified as critical was found in Red Hat Enterprise Linux 6/7/8/9/10. This issue affects some unknown processing of the component D-BUS Interface. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2025-8067. The attack needs to be performed locally. There is not any exploit available.

A vulnerability classified as critical has been found in lycheeverse lychee-action up to 2.0.1. This vulnerability affects unknown code. This manipulation causes code injection. This vulnerability is registered as CVE-2024-48908. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

Submit #636414 / VDB-321779

A vulnerability described as critical has been identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employee_salary_setup.php. The manipulation of the argument ddlEmpName results in sql injection. This vulnerability is cataloged as CVE-2025-9601. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/member_type_setup.php. The manipulation of the argument txtMemberType leads to sql injection. This vulnerability is listed as CVE-2025-9600. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability labeled as critical has been found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/month_setup.php. Executing manipulation of the argument txtMonthName can lead to sql injection. This vulnerability is tracked as CVE-2025-9599. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in itsourcecode Apartment Management System 1.0. Affected is an unknown function of the file /setting/year_setup.php. Performing manipulation of the argument txtXYear results in sql injection. This vulnerability is identified as CVE-2025-9598. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability categorized as critical has been discovered in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Such manipulation of the argument uid leads to sql injection. This vulnerability is referenced as CVE-2025-9597. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #636383 / VDB-321778

Cisco has issued a High-severity security advisory alerting customers to a critical vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of NX-OS Software for Cisco Nexus 3000 and 9000 Series switches.  Tracked as CVE-2025-20241 with a CVSS base score of 7.4, the flaw could allow an unauthenticated, Layer 2-adjacent attacker to send a malformed IS-IS […]

The post Cisco Nexus 3000 and 9000 Series Vulnerability Let Attackers Trigger DoS Attack appeared first on Cyber Security News.

A vulnerability was found in itsourcecode Sports Management System 1.0. It has been rated as critical. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection. The identification of this vulnerability is CVE-2025-9596. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Anthropic показала, как ИИ стал соучастником преступлений.

MathWorks, a leading developer of mathematical simulation and computing software, revealed that a ransomware gang stole the data of over 10,000 people after breaching its network in April. [...]

Creators, Authors and Presenters: Danny Lazarev, Erez Harush

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Enhancing Secret Detection In Cybersecurity With Small LMs appeared first on Security Boulevard.

Fake IT support lures are being used to trick employees into installing remote‑access tools via Microsoft Teams

Submit #636370 / VDB-321775

Submit #636369 / VDB-321774

A vulnerability was found in code-projects Student Information Management System 1.0. It has been declared as problematic. The impacted element is an unknown function of the file /login.php. The manipulation of the argument uname results in cross site scripting. This vulnerability was named CVE-2025-9595. The attack may be performed from a remote location. In addition, an exploit is available.

Submit #636365 / VDB-321773

Submit #636364 / VDB-321772