Aggregator

A vulnerability, which was classified as critical, has been found in Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file /admin/update_traveller.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2022-40352. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /admin/up_booking.php. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2022-40353. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Strapi up to 3.6.9/4.1.9. Affected is an unknown function of the component Admin API Response Handler. The manipulation leads to sql injection. This vulnerability is traded as CVE-2022-31367. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Chipolo ONE Bluetooth Tracker 2020 4.13.0 on iOS. Affected is an unknown function. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2022-37193. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability classified as critical was found in JFinal CMS 5.1.0. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2022-37209. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Check Point ZoneAlarm Extreme Security 4.2.712/9.1.507.000. Affected by this issue is some unknown functionality of the file %PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates. The manipulation leads to permission issues. This vulnerability is handled as CVE-2022-41604. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Google Chrome. Affected by this issue is some unknown functionality of the component Extensions API. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2022-3047. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A sophisticated cyber threat group designated as UAT-6382 has been actively exploiting a critical zero-day vulnerability in Cityworks, a popular asset management system used by local governments across the United States. The vulnerability, tracked as CVE-2025-0994, allows remote code execution and has been under active exploitation since January 2025. The attackers have demonstrated a particular […]

The post UAT-638 Hackers Exploit Cityworks Zero-Day to Attack IIS Servers With VSHell Malware appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in Spotlight Plugin up to 1.7.1 on WordPress. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-39498. The attack may be initiated remotely. There is no exploit available.

MIT Technology Review 的一项新分析显示，AI 的能源需求惊人，预计到 2028 年数据中心用电量在美国总电力消耗的占比将从目前的 4.4% 增至 12%。根据劳伦斯伯克利国家实验室去年 12 月发布的预测，到 2028 年数据中心一半以上的电力将用于 AI，仅 AI 一项每年的用电量就相当于美国家庭用电量的 22%。在 AI 流行前，数据中心的用电量维持平稳，即使科技巨头建造了大量新数据中心，但效率的提升使得耗电量并没有攀升。AI 的出现改变了这一切，当数据中心开始采用专为 AI 设计的高能耗硬件之后，耗电量开始飙升。对电力的高涨需求促使数据中心转向天然气等污染更严重的能源，今天数据中心的碳排放强度(carbon intensity)比美国平均水平高出 48%。

A vulnerability classified as problematic was found in Experto CTA Widget Plugin up to 1.1.1 on WordPress. This vulnerability affects the function esc_admin_side_ajax_function. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-47529. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in TagLib 1.x. This affects an unknown part of the component WAV File Handler. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2023-47466. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Checkmk up to 2.1.0/2.2.0p41/2.3.0p31/2.4.0p0 on Linux/Solaris. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Automatic Agent Updates. The manipulation leads to incorrect permission assignment. This vulnerability is handled as CVE-2025-32915. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 18.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component GraphQL Query Handler. The manipulation leads to insufficient granularity of access control. This vulnerability is known as CVE-2025-1110. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.10.6/17.11.2/18.0.0. It has been classified as problematic. Affected is an unknown function of the component WebUI. The manipulation leads to insufficient granularity of access control. This vulnerability is traded as CVE-2025-4979. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

INE Security, a global leader in Cybersecurity training and certifications, has announced a strategic partnership with Abadnet Institute for Training, a Riyadh-based leader in specialized Information Technology, Cybersecurity, and Networking training. The collaboration leverages INE Security’s internationally recognized cybersecurity training content and Abadnet’s established presence in the Saudi Arabian market to deliver comprehensive cybersecurity education programs across the […]

The post INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia appeared first on Cyber Security News.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.10.6/17.11.2/18.0.0 and classified as problematic. This issue affects some unknown processing. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2025-3111. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 17.10.6/17.11.2/18.0.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to allocation of resources. This vulnerability was named CVE-2025-2853. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in OpenSSL 3.5.0. This affects the function x509_main of the file apps/x509.c of the component x509 Application. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2025-4575. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple iOS and iPadOS up to 15.5. This issue affects some unknown processing of the component Apple Neural Engine. The manipulation leads to sandbox issue. The identification of this vulnerability is CVE-2022-32845. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.