Aggregator

A vulnerability was found in yubiserver up to 0.5 and classified as critical. Affected by this issue is the function sprintf. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2015-0843. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in NetEase NeacSafe64 Driver and classified as problematic. Affected by this vulnerability is an unknown functionality in the library NeacSafe64.sys of the component IOCTL Handler. The manipulation leads to Local Privilege Escalation. This vulnerability is known as CVE-2025-45737. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Infinispan. Affected is an unknown function of the component CLI. The manipulation leads to information exposure through error message. This vulnerability is traded as CVE-2025-5731. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in git-annex. This issue affects some unknown processing of the component S3/Glacier. The manipulation leads to cleartext storage of sensitive information. The identification of this vulnerability is CVE-2014-6274. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in pdns up to 3.3.1 on Debian. This vulnerability affects unknown code of the component MySQL User Handler. The manipulation leads to permission issues. This vulnerability was named CVE-2014-7210. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Attackers are more inclined to “log in rather than break in,” using stolen credentials, legitimate tools, and native access to stealthily blend into their target’s environment, according to Bitdefender’s 2025 Cybersecurity Assessment Report. Attack surface reduction is a top priority 68% of security leaders are focusing on reducing the number of tools and applications running in their environments. Why? Because every unused admin account, unnecessary app, or extra permission is a potential doorway for attackers, … More →

The post After a hack many firms still say nothing, and that’s a problem appeared first on Help Net Security.

A CVSS score 8.8 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'ZDI team' was reported to the affected vendor on: 2025-06-27, 83 days ago. The vendor is given until 2025-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2025-06-27, 81 days ago. The vendor is given until 2025-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-06-27, 82 days ago. The vendor is given until 2025-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.2 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by '06fe5fd2bc53027c4a3b7e395af0b850e7b8a044' was reported to the affected vendor on: 2025-06-27, 83 days ago. The vendor is given until 2025-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.0 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Nicholas Zubrisky (@NZubrisky) of Trend Research' was reported to the affected vendor on: 2025-06-27, 53 days ago. The vendor is given until 2025-10-25 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A newly disclosed critical vulnerability in the Open VSX Registry, the open-source marketplace for Visual Studio Code (VS Code) extensions, has put millions of developers worldwide at risk of devastating supply chain attacks. The flaw, discovered by cybersecurity researchers at Koi Security, could have allowed attackers to seize control of the entire extensions marketplace, enabling […]

The post Open VSX Marketplace Flaw Enables Millions of Developers at Risk of Supply Chain Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

BSOD переживает ребрендинг, но суть его осталась прежней: боль, перезагрузка, паника.

文章探讨了创业 pitching 的关键策略，强调通过讲述引人入胜的故事打动投资者。作者建议创业者避免冗长的技术细节，而是专注于展示团队的热情和执着，并通过真实的数据和案例来证明产品的价值和市场的潜力。

A vulnerability, which was classified as very critical, was found in nekernel up to 0.0.2. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-52568. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Advantech Wireless Sensing and Equipment A2.01 B00. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2025-48462. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Gogs up to 0.14.0+dev. Affected by this vulnerability is an unknown functionality of the file public/plugins/. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-47943. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Sapido BR071n, BR261c, BR270n, BR476n, BRC70n, BRC70x, BRC76n, BRD70n, BRE70n, BRE71n, BRF61c and BRF71n and classified as problematic. This issue affects some unknown processing. The manipulation leads to unprotected storage of credentials. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2025-6560. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Sapido BR071n, BR261c, BR270n, BR476n, BRC70n, BRC70x, BRC76n, BRD70n, BRE70n, BRE71n, BRF61c and BRF71n. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-6559. The attack can be launched remotely. There is no exploit available.