Aggregator

Security researchers have uncovered a critical vulnerability in Windows s

Security researchers have uncovered a critical vulnerability in Windows stemming from its “Best-Fit” character conversion feature, which has been exploited to execute remote code.  This newly identified attack surface, dubbed “WorstFit,” leverages certain features of Windows’ internal character encoding system to launch sophisticated attacks, including path traversal, argument injection, and remote code execution (RCE). The […]

The post Windows Charset Conversion Feature Exploited to Execute Remote Code appeared first on Cyber Security News.

Новый законопроект вызвал беспокойство международного сообщества.

A vulnerability was found in OTRS and OTRS Community Edition up to 7.0.x/8.0.x/2023.x/2024.x/2025.1.x. It has been declared as critical. This vulnerability affects unknown code of the component HTTP Response Header Handler. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-43445. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OTRS and OTRS Community Edition up to 7.0.x/8.0.x/2023.x/2024.x/2025.1.x. It has been classified as critical. This affects an unknown part of the component Generic Interface Module. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2024-43446. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OTRS and OTRS Community Edition 7.0.x/8.0.x/2023.x/2024.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to sensitive information in log files. This vulnerability is handled as CVE-2025-24389. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in OTRS 7.0.x/8.0.x/2023.x/2024.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. This vulnerability is known as CVE-2025-24390. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in IBM InfoSphere Master Data Management 11.6/12.0/14.0. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-46187. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Alienvault OSSIM and USM up to 5.3.1. It has been classified as critical. Affected is an unknown function of the component Widget. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2016-8580. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MyClientBase 0.12 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2012-3840. The attack may be launched remotely. Furthermore, there is an exploit available.