Aggregator

Восстание машин всё ближе…

A vulnerability, which was classified as critical, has been found in GuardDuty. This issue affects the function GetBucketPublicAccessBlock/GetBucketPolicyStatus of the component S3 Bucket Policy Handler. The manipulation leads to permission issues. The attack can only be initiated within the local network. There is no exploit available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.

A critical security vulnerability, tracked as CVE-2025-24813, has been discovered in Apache Tomcat, a widely used open-source Java servlet container and web server. This flaw, stemming from improper handling of file paths, particularly those containing internal dots (e.g., file.Name)—can allow attackers to bypass security controls, leading to remote code execution (RCE), information disclosure, and malicious […]

The post Apache Tomcat RCE Vulnerability Exposed with PoC Released appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical was found in Apache NuttX RTOS up to 12.8.x. This vulnerability affects unknown code of the component Bluetooth Stack. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-35003. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical has been found in Canon Satera MF656Cdw, Satera MF654Cdw, Satera MF551dw, Satera MF457dw, Color imageCLASS MF656Cdw, Color imageCLASS MF654Cdw, Color imageCLASS MF653Cdw, Color imageCLASS MF652Cdw, Color imageCLASS LBP633Cdw, Color imageCLASS LBP632Cdw, imageCLASS MF455dw, imageCLASS MF453dw, imageCLASS MF452dw, imageCLASS MF451dw, imageCLASS LBP237dw, imageCLASS LBP236dw, imageCLASS X MF1238 II, imageCLASS X MF1643i II, imageCLASS X MF1643iF II, imageCLASS X LBP1238 II, i-SENSYS MF657Cdw, i-SENSYS MF655Cdw, i-SENSYS MF651Cdw, i-SENSYS LBP633Cdw, i-SENSYS LBP631Cdw, i-SENSYS MF553dw, i-SENSYS MF552dw, i-SENSYS MF455dw, i-SENSYS MF453dw, i-SENSYS LBP236dw, i-SENSYS LBP233dw, imageRUNNER 1643iF II, imageRUNNER 1643i II, i-SENSYS X 1238iF II, i-SENSYS X 1238i II, i-SENSYS X 1238P II and i-SENSYS X 1238Pr II up to 05.07. This affects an unknown part of the component WebService Authentication. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-2146. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Mozilla Firefox 44. This issue affects the function nsHtml5TreeBuilder of the component HTML5 String Parser. The manipulation leads to use after free. The identification of this vulnerability is CVE-2016-1960. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

300 серверов, 650 доменов, 21 миллион евро — и это только начало.

A newly disclosed vulnerability, CVE-2024-6914, has shocked the enterprise software community, affecting a wide range of WSO2 products. The flaw, rated with a CVSS score of 9.8 (Critical), stems from an incorrect authorization mechanism in the account recovery-related SOAP admin service. This business logic error allows attackers to exploit the service and reset the password […]

The post Severe WSO2 SOAP Flaw Allows Unauthorized Password Resets for Any Use appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Name: NahamCon CTF 2025 (an Just Hacking event.)
Date: May 23, 2025, 7 p.m. — 25 May 2025, 19:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.nahamcon.com/
Rating weight: 53.77
Event organizers: JohnHammond

Name: HACK'OSINT CTF - 2025 (an HACK'OSINTCTF event.)
Date: May 23, 2025, 7 p.m. — 25 May 2025, 19:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: France
Offical URL: https://ctf.hackolyte.fr/
Rating weight: 0.00
Event organizers: Hack'olyte

Name: DaVinciCTF 2025 (an DaVinciCTF event.)
Date: May 24, 2025, 10 a.m. — 25 May 2025, 20:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Location: La Défense - Paris
Offical URL: https://dvc.tf/
Rating weight: 45.00
Event organizers: DaVinciCode

快速浏览！2025.5.19—5.25安全动态周回顾。

目前，这些报告指出联想、戴尔和惠普的各种系统配置和设备都受到了影响，所以目前还不清楚这是由特定的硬件还是软件问题引起的。

Российский сервис пуш-уведомлений от разработчика МУЛЬТИФАКТОР.

A vulnerability classified as problematic has been found in DragonByte vBShout Module 5.2.2 on vBulletin. This affects an unknown part of the file vbshout.php. The manipulation of the argument shout as part of Parameter leads to cross site scripting. This vulnerability is uniquely identified as CVE-2012-6667. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Microsoft Windows Vista SP2 up to Server 2012 R2. This vulnerability affects unknown code of the component Kernel. The manipulation leads to improper access controls. This vulnerability was named CVE-2015-6100. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Всё начинается с обычного установщика, а заканчивается полной потерей контроля.

A vulnerability classified as critical has been found in Sun Solaris 8/9/10. Affected is an unknown function. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2008-3450. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in OpenVPN 2.1. It has been declared as critical. This vulnerability affects unknown code of the component iproute. The manipulation leads to configuration. This vulnerability was named CVE-2008-3459. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Microsoft Host Integration Server 2000/2004/2006 and classified as very critical. Affected by this vulnerability is the function CreateProcess. The manipulation leads to improper authentication. This vulnerability is known as CVE-2008-3466. The attack can be launched remotely. Furthermore, there is an exploit available.