Aggregator

CVE-2025-26795 | Apache IoTDB JDBC Driver up to 1.3.3/2.0.2 log file (EUVD-2025-14872)

9 months ago

A vulnerability, which was classified as problematic, was found in Apache IoTDB JDBC Driver up to 1.3.3/2.0.2. This affects an unknown part. The manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2025-26795. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-26864 | Apache IoTDB up to 1.3.3/2.0.2 OpenID Authentication log file (EUVD-2025-14874)

Vuldb Updates

9 months ago

A vulnerability has been found in Apache IoTDB up to 1.3.3/2.0.2 and classified as problematic. This vulnerability affects unknown code of the component OpenID Authentication. The manipulation leads to sensitive information in log files. This vulnerability was named CVE-2025-26864. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-3769 | Latepoint Plugin up to 5.1.92 on WordPress view_booking_summary_in_lightbox resource injection (EUVD-2025-14868)

Vuldb Updates

9 months ago

A vulnerability was found in Latepoint Plugin up to 5.1.92 on WordPress and classified as problematic. Affected by this issue is the function view_booking_summary_in_lightbox. The manipulation leads to improper control of resource identifiers. This vulnerability is handled as CVE-2025-3769. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2025-4430 | Naukowa i Akademicka Sieć Komputerowa EZD RP up to 20.18 /api/Token/gettoken authorization (EUVD-2025-14870)

Vuldb Updates

9 months ago

A vulnerability was found in Naukowa i Akademicka Sieć Komputerowa EZD RP up to 20.18. It has been classified as critical. This affects an unknown part of the file /api/Token/gettoken. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-4430. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-47445 | Themewinter Eventin Plugin up to 4.0.26 on WordPress path traversal (EUVD-2025-14869)

Vuldb Updates

9 months ago

A vulnerability classified as problematic has been found in Themewinter Eventin Plugin up to 4.0.26 on WordPress. Affected is an unknown function. The manipulation leads to relative path traversal. This vulnerability is traded as CVE-2025-47445. It is possible to launch the attack remotely. There is no exploit available.

vuldb.com

Samsung MagicINFO 9 Server Vulnerability Let Attackers Write Arbitrary File

Cyber Security News

9 months ago

Samsung has disclosed a critical security vulnerability (CVE-2025-4632) affecting its MagicINFO 9 Server platform, a widely deployed content management system used for digital signage across retail, transportation, healthcare, and corporate environments worldwide. The flaw allows unauthenticated attackers to write arbitrary files with system-level privileges, potentially leading to complete system compromise. Critical Path Traversal in Samsung […]

The post Samsung MagicINFO 9 Server Vulnerability Let Attackers Write Arbitrary File appeared first on Cyber Security News.

Kaaviya

Researchers Unveil New Mechanism to Track Compartmentalized Cyber Threats

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

9 months ago

Cisco Talos, in collaboration with The Vertex Project, has introduced an innovative approach to tackle the rising complexity of compartmentalized cyber threats. As modern cyberattacks increasingly involve multiple threat actors executing distinct stages of an attack kill chain-such as initial access, exploitation, and ransomware deployment-traditional threat modeling frameworks like the Diamond Model have struggled to […]

The post Researchers Unveil New Mechanism to Track Compartmentalized Cyber Threats appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Defensie verhoogt de Alert State

Defensie.nl - Nieuwsberichten

9 months ago

Defensie verhoogt vanaf vandaag de zogeheten ‘Alert State’. Deze gaat van het eerste naar het tweede niveau (A naar A+). In totaal zijn er 6. Reden voor de verhoging is een toegenomen dreiging. Defensie heeft de Kamer hierover vandaag geïnformeerd.

Adobe Photoshop Vulnerability Let Attackers Execute Arbitrary Code

Cyber Security News

9 months ago

Adobe has released critical security updates for Photoshop on both Windows and macOS platforms after discovering multiple severe vulnerabilities that could allow attackers to execute arbitrary code on victims’ systems. The security bulletin addresses three critical flaws affecting Photoshop 2025 (version 26.5 and earlier) and Photoshop 2024 (version 25.12.2 and earlier). Multiple Critical Flaws Discovered […]

The post Adobe Photoshop Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.

Guru Baran

Akira

Dark Feed IO

9 months ago

You must login to view this content

cohenido

Akira

Dark Feed IO

9 months ago

You must login to view this content

cohenido

CVE-2025-47292 | cap-collectif deserialization (GHSA-hf7r-rjh4-5fc8)

Vuldb Updates

9 months ago

A vulnerability, which was classified as critical, has been found in cap-collectif. This issue affects some unknown processing. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2025-47292. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2025-2875 | Schneider Electric Modicon Controllers LMC058 URL external reference (SEVD-2025-133-01 / EUVD-2025-14678)

Vuldb Updates

9 months ago

A vulnerability, which was classified as problematic, was found in Schneider Electric Modicon Controllers M241, Modicon Controllers M251, Modicon Controllers M258 and Modicon Controllers LMC058. Affected is an unknown function of the component URL Handler. The manipulation leads to externally controlled reference. This vulnerability is traded as CVE-2025-2875. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-3931 | Red Hat Enterprise Linux/Satellite Yggdrasil insufficient permissions or privileges (RHSA-2025:7592 / EUVD-2025-14867)

Vuldb Updates

9 months ago

A vulnerability was found in Red Hat Enterprise Linux and Satellite and classified as critical. Affected by this issue is some unknown functionality of the component Yggdrasil. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is handled as CVE-2025-3931. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

Russian military cadet reportedly arrested for selling hacking tool to FSB agent

The Record

9 months ago

A Russian military cadet reportedly developed an algorithm that could bypass the protective infrastructure of law enforcement software and gain access to restricted data.

New HTTPBot Botnet Rapidly Expands to Target Windows Machines

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

9 months ago

The HTTPBot Botnet, a novel Trojan developed in the Go programming language, has seen a sharp rise in activity since its first detection in August 2024. According to the latest findings from NSFOCUS Fuying Lab’s Global Threat Hunting system, HTTPBot has rapidly expanded its reach, particularly in April 2025, with over 200 attack instructions issued. […]

The post New HTTPBot Botnet Rapidly Expands to Target Windows Machines appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

The Hackers News

9 months ago

A new global phishing threat called "Meta Mirage" has been uncovered, targeting businesses using Meta's Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages. Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing

The Hacker News

Alabama state government says cyber incident’s effects are limited, but response continues

The Record

9 months ago

The state's Office of Information Technology (OIT) said it has called in two incident response teams for around-the-clock mitigation following a "cybersecurity event” discovered last week.

Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation

Bleeping Computer.

9 months ago

New phishing tactics are abusing trusted domains, real CAPTCHAs, and server-side email validation to selectively target victims with customized fake login pages. Keep Aware's latest research breaks down the full attack chain and how these zero-day phish operate. [...]

Kosovar Man in Tampa Jail for Running Online Illicit Bazaar

Ransomware DataBreachToday.com

9 months ago

Prosecutors Say Liridon Masurica Ran BlackDB.cc
A Kosovar man is being held in a Tampa, Florida, jail after being extradited on charges that he was the main administrator of an online illicit marketplace in operation since 2018. Prosecutors accused Liridon Masurica, 33, of being the force behind BlackDB.cc.

Aggregator

Managed ad