Aggregator

CVE-2025-48909 | Huawei HarmonyOS 5.0.0 Device Management Channel improper authentication (EUVD-2025-17066)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been rated as critical. This issue affects some unknown processing of the component Device Management Channel. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-48909. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com

CVE-2025-48911 | Huawei HarmonyOS 5.0.0 Note Sharing Module privileges assignment (EUVD-2025-17064)

Vuldb Updates
3 months 2 weeks ago
A vulnerability classified as critical was found in Huawei HarmonyOS 5.0.0. Affected by this vulnerability is an unknown functionality of the component Note Sharing Module. The manipulation leads to incorrect privilege assignment. This vulnerability is known as CVE-2025-48911. It is possible to launch the attack on the local host. There is no exploit available.
vuldb.com

CVE-2025-48908 | Huawei HarmonyOS 5.0.0 Ability Auto Startup Service unsynchronized access to shared data in a multithreaded context (EUVD-2025-17063)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been declared as critical. This vulnerability affects unknown code of the component Ability Auto Startup Service. The manipulation leads to unsynchronized access to shared data in a multithreaded context. This vulnerability was named CVE-2025-48908. An attack has to be approached locally. There is no exploit available.
vuldb.com

CVE-2025-4191 | PHPGurukul Employee Record Management System 1.3 /editmyeducation.php coursepg/yophsc sql injection (EUVD-2025-12813)

Vuldb Updates
3 months 2 weeks ago
A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg/yophsc leads to sql injection. This vulnerability is known as CVE-2025-4191. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

CVE-2025-4412 | SparkLabs Viscosity up to 1.11.4 on macOS viscosity_openvpn default permission (EUVD-2025-17060)

Vuldb Updates
3 months 2 weeks ago
A vulnerability classified as critical has been found in SparkLabs Viscosity up to 1.11.4 on macOS. Affected is an unknown function of the component viscosity_openvpn. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2025-4412. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

PoC Exploit Released for Apache Tomcat DoS Vulnerability

Cyber Security News
3 months 2 weeks ago

A proof-of-concept exploit targeting a critical denial-of-service vulnerability in Apache Tomcat has been publicly released, exposing servers running versions 10.1.10 through 10.1.39 to potential attacks.  The exploit, designated as CVE-2025-31650, leverages malformed HTTP/2 priority headers to cause memory exhaustion on vulnerable Tomcat instances.  Security researcher Abdualhadi Khalifa developed and published the exploit code on June […]

The post PoC Exploit Released for Apache Tomcat DoS Vulnerability appeared first on Cyber Security News.

Guru Baran

Managed ad