Aggregator

CVE-2023-20164 | Cisco Identity Services Engine os command injection (cisco-sa-ise-injection-sRQnsEU9 / EUVD-2023-24343)

Vuldb Updates
5 months 3 weeks ago
A vulnerability was found in Cisco Identity Services Engine. It has been classified as critical. This affects an unknown part. This manipulation causes os command injection. This vulnerability is tracked as CVE-2023-20164. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2023-20166 | Cisco Identity Services Engine path traversal (cisco-sa-ise-traversal-ZTUgMYhu / EUVD-2023-24345)

Vuldb Updates
5 months 3 weeks ago
A vulnerability was found in Cisco Identity Services Engine. It has been declared as problematic. This vulnerability affects unknown code. Such manipulation leads to path traversal: '../filedir'. This vulnerability is listed as CVE-2023-20166. The attack must be carried out locally. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-20167 | Cisco Identity Services Engine path traversal (cisco-sa-ise-traversal-ZTUgMYhu / EUVD-2023-24346)

Vuldb Updates
5 months 3 weeks ago
A vulnerability was found in Cisco Identity Services Engine. It has been rated as problematic. This issue affects some unknown processing. Performing manipulation results in path traversal: '../filedir'. This vulnerability is cataloged as CVE-2023-20167. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2023-20171 | Cisco Identity Services Engine client-side enforcement of server-side security (cisco-sa-ise-file-delete-read-PK5ghDDd / EUVD-2023-24350)

Vuldb Updates
5 months 3 weeks ago
A vulnerability was found in Cisco Identity Services Engine and classified as critical. This issue affects some unknown processing. Such manipulation leads to client-side enforcement of server-side security. This vulnerability is referenced as CVE-2023-20171. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2023-20163 | Cisco Identity Services Engine os command injection (cisco-sa-ise-injection-sRQnsEU9 / EUVD-2023-24342)

Vuldb Updates
5 months 3 weeks ago
A vulnerability was found in Cisco Identity Services Engine and classified as critical. Affected by this issue is some unknown functionality. The manipulation results in os command injection. This vulnerability is identified as CVE-2023-20163. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

New Android Spyware Disguised as an Antivirus Attacking Business Executives

Cyber Security News
5 months 3 weeks ago

In recent months, security teams have observed the emergence of a highly versatile Android backdoor, Android.Backdoor.916.origin, masquerading as a legitimate antivirus application. Distributed via private messaging services under the guise of “GuardCB,” its icon closely mimics the emblem of the Central Bank of the Russian Federation against a shield background. Although the interface displays only […]

The post New Android Spyware Disguised as an Antivirus Attacking Business Executives appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2025-9474 | Mihomo Party up to 1.8.1 on macOS Socket src/main/sys/sysproxy.ts enableSysProxy temp file

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability classified as critical was found in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation results in creation of temporary file with insecure permissions. This vulnerability is reported as CVE-2025-9474. The attack requires a local approach. Moreover, an exploit is present.
vuldb.com

CVE-2024-46412 | Rebuild 3.7.7 GET Request /commons/ip-location prehandle access control

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability marked as critical has been reported in Rebuild 3.7.7. The impacted element is the function prehandle of the file /commons/ip-location of the component GET Request Handler. Performing manipulation results in improper access controls. This vulnerability is cataloged as CVE-2024-46412. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-56216 | PHPGurukul Hospital Management System 4.0 about-us.php pagetitle sql injection

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability labeled as critical has been found in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file about-us.php. Such manipulation of the argument pagetitle leads to sql injection. This vulnerability is listed as CVE-2025-56216. The attack may be performed from a remote location. There is no available exploit.
vuldb.com

Managed ad