Aggregator

A vulnerability has been found in discourse-ai and classified as problematic. This vulnerability affects unknown code of the component Post Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-54142. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Dimensional Gate Linux Ratfor up to 1.06. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-55577. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as critical, has been found in H3C N12 V100R005. Affected by this issue is some unknown functionality of the file /bin/webs of the component POST Request Handler. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-57482. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in H3C N12 V100R005. Affected by this vulnerability is an unknown functionality of the file /bin/webs of the component POST Request Handler. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2024-57471. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in H3C N12 V100R005. Affected is an unknown function of the file /bin/webs of the component POST Request Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2024-57473. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Mongoose up to 6.13.5/7.8.3/8.9.4. It has been rated as critical. This issue affects the function populate of the component Incomplete Fix CVE-2024-53900. The manipulation of the argument where leads to code injection. The identification of this vulnerability is CVE-2025-23061. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in H3C N12 V100R005. It has been declared as critical. This vulnerability affects unknown code of the file /bin/webs of the component AP Configuration Handler. The manipulation leads to buffer overflow. This vulnerability was named CVE-2024-57480. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in H3C N12 V100R005. It has been classified as critical. This affects an unknown part of the file /bin/webs of the component POST Request Handler. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-57479. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in SilverStripe Framework up to 5.3.7 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-53277. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Contextal Platform is an open-source cybersecurity solution for contextual threat detection and intelligence. Developed by the original authors of ClamAV, it offers advanced features such as contextual threat analysis, custom detection scenarios through the ContexQL language, and AI-powered data processing—all operating locally to ensure data privacy. “We created Contextal Platform to address the stagnation in the cybersecurity market for advanced threat detection tools, particularly in the open-source domain. Existing solutions are often based on outdated … More →

The post Contextal Platform: Open-source threat detection and intelligence appeared first on Help Net Security.

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities ac

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344, CVSS score: 6.7), has not

Vulnerability / Server SecurityCybersecurity researchers have disclosed multiple security flaws in

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows -

December 2024 marked the highest number of victims recorded in a single month. A key factor is likely the growth of the ransomware ecosystem itself.

In this Help Net Security interview, Mel Morris, CEO of Corpora.ai, discusses how cognitive biases affect decision-making during cybersecurity incidents. Morris shares insights on the challenges of designing user-friendly cybersecurity tools that consider human cognitive processes. How do cognitive biases impact decision-making in cybersecurity incidents? Cognitive biases significantly influence decision-making during cybersecurity incidents by framing how individuals interpret information, assess risks, and respond to threats. Common biases, like favoring information that aligns with our assumptions … More →

The post Using cognitive diversity for stronger, smarter cyber defense appeared first on Help Net Security.

rsyncには複数の脆弱性が存在します。

A vulnerability, which was classified as critical, was found in Microsoft Windows up to Server 2019. This affects an unknown part in the library HTTP.sys of the component HTTP2 Handler. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2019-9514. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows up to Server 2019 and classified as critical. This vulnerability affects unknown code in the library HTTP.sys of the component HTTP2 Handler. The manipulation leads to resource consumption. This vulnerability was named CVE-2019-9518. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in HTTP2. Affected by this issue is some unknown functionality of the component SETTING Frame Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2019-9515. The attack may be launched remotely. There is no exploit available. This vulnerability has a historic impact due to its background and reception. It is recommended to apply restrictive firewalling.