Aggregator

CVE-2014-2915 | Linux Foundation Xen 4.4.0 on ARM Hardware Access access control (XSA-93 / XFDB-92716)

1 month ago

A vulnerability was found in Linux Foundation Xen 4.4.0 on ARM. It has been rated as problematic. The affected element is an unknown function of the component Hardware Access Handler. Performing a manipulation results in improper access controls. This vulnerability is identified as CVE-2014-2915. The attack is only possible with local access. There is not any exploit available. It is suggested to install a patch to address this issue.

vuldb.com

CVE-2014-2601 | HP Integrated Lights-Out up to 2.24 SSL Heartbleed Check denial of service (c04249852 / EDB-32745)

Vuldb Updates

1 month ago

A vulnerability identified as problematic has been detected in HP Integrated Lights-Out up to 2.24. This vulnerability affects unknown code of the component SSL Handler. Performing a manipulation as part of Heartbleed Check results in denial of service. This vulnerability is identified as CVE-2014-2601. The attack can be initiated remotely. Additionally, an exploit exists. You should upgrade the affected component.

vuldb.com

CVE-2014-0188 | Red Hat openshift up to 2.0.5 improper authentication (Bug 1090120 / SBV-44467)

Vuldb Updates

1 month ago

A vulnerability was found in Red Hat openshift up to 2.0.5 and classified as problematic. The impacted element is an unknown function. Executing a manipulation can lead to improper authentication. This vulnerability is tracked as CVE-2014-0188. The attack can be launched remotely. No exploit exists.

vuldb.com

CVE-2014-2736 | MODX Revolution up to 2.0.8 index.php ID sql injection (ID 13032 / XFDB-92718)

Vuldb Updates

1 month ago

A vulnerability was found in MODX Revolution up to 2.0.8. It has been classified as critical. This affects an unknown function of the file index.php. The manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2014-2736. The attack may be initiated remotely. In addition, an exploit is available. Upgrading the affected component is recommended.

vuldb.com

CVE-2014-2734 | Ruby 2.0/2.0.0/2.1.1 Filesystem resource management (News 126218 / BID-66956)

Vuldb Updates

1 month ago

A vulnerability was found in Ruby 2.0/2.0.0/2.1.1. It has been declared as critical. This impacts an unknown function of the component Filesystem. The manipulation results in improper resource management. This vulnerability is cataloged as CVE-2014-2734. The attack may be launched remotely. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment.

vuldb.com

CVE-2014-0760 | Festo CECX-X-M1 Modular Controller improper authentication (EUVD-2014-0791 / XFDB-92892)

Vuldb Updates

1 month ago

A vulnerability was found in Festo CECX-X-M1 Modular Controller. It has been rated as critical. Affected is an unknown function. This manipulation causes improper authentication. This vulnerability is registered as CVE-2014-0760. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2014-2908 | Siemens SIMATIC S7 Cpu 1200 3.0.2 cross site scripting (ssa-892012 / EDB-44687)

Vuldb Updates

1 month ago

A vulnerability labeled as problematic has been found in Siemens SIMATIC S7 Cpu 1200 3.0.2. This affects an unknown part. Executing a manipulation can lead to cross site scripting. This vulnerability appears as CVE-2014-2908. The attack may be performed from remote. In addition, an exploit is available.

vuldb.com

CVE-2014-2909 | Siemens SIMATIC S7 Cpu 1200 3.0.2 code injection (ssa-892012)

Vuldb Updates

1 month ago

A vulnerability marked as critical has been reported in Siemens SIMATIC S7 Cpu 1200 3.0.2. This vulnerability affects unknown code. The manipulation leads to code injection. This vulnerability is traded as CVE-2014-2909. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2013-5956 | Joomlaboat Com Youtubegallery 3.4.0 videofile cross site scripting (ID 125732 / XFDB-91821)

Vuldb Updates

1 month ago

A vulnerability described as problematic has been identified in Joomlaboat Com Youtubegallery 3.4.0. This issue affects some unknown processing. The manipulation of the argument videofile results in cross site scripting. This vulnerability is known as CVE-2013-5956. It is possible to launch the attack remotely. Furthermore, an exploit is available.

vuldb.com

CVE-2014-2729 | EPiServer Ektron CMS prior 8.7.0 content.aspx category0 cross site scripting (ID 126187)

Vuldb Updates

1 month ago

A vulnerability classified as problematic has been found in EPiServer Ektron CMS. Impacted is an unknown function of the file content.aspx. This manipulation of the argument category0 causes cross site scripting. This vulnerability is handled as CVE-2014-2729. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-45000 | OpenClaw up to 2026.4.19 server-side request forgery (GHSA-j4c5-89f5-f3pm / EUVD-2026-29145)

Vuldb Updates

1 month ago

A vulnerability classified as critical has been found in OpenClaw up to 2026.4.19. This vulnerability affects unknown code. Performing a manipulation results in server-side request forgery. This vulnerability is cataloged as CVE-2026-45000. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2026-45001 | OpenClaw up to 2026.4.19 Setting config.apply authorization (GHSA-7jm2-g593-4qrc / EUVD-2026-29146)

Vuldb Updates

1 month ago

A vulnerability classified as critical was found in OpenClaw up to 2026.4.19. This issue affects some unknown processing of the file config.apply of the component Setting Handler. Executing a manipulation can lead to missing authorization. This vulnerability is registered as CVE-2026-45001. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

vuldb.com

Official CheckMarx Jenkins package compromised with infostealer

Bleeping Computer.

1 month ago

Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. [...]

Bill Toulas

New GhostLock tool abuses Windows API to block file access

Bleeping Computer.

1 month ago

A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on SMB network shares. [...]

Lawrence Abrams

Qilin

Dark Feed IO

1 month ago

You must login to view this content

cohenido

Google Says Hackers Used AI to Develop a Zero-Day Exploit

Hack Read

1 month ago

Google researchers say hackers used AI to develop zero-day exploits, Android backdoors, and automated supply chain attacks targeting GitHub and PyPI.

Deeba Ahmed

VMware at Pwn2Own Berlin 2026

VMWare Security Blog

1 month ago

Update, May 16, 2026 Pwn2Own 2026 has finished and we have witnessed one successful attempt on our products. On May 16, 2026, Nguyen Hoang Thach of STARLabs SG successfully demonstrated an exploit targeting VMware ESX. We are actively working on the remediation and we plan to publish a VMware Security Advisory to provide information on … Continued

The post VMware at Pwn2Own Berlin 2026 appeared first on VMware Security Blog.

Praveen Singh and Monty Ijzerman

KAMS PARIS Allegedly Breached Exposing 187,927 Customer Records From the French Niche Perfumery

Dark Web Informer - Cyber Threat Intelligence

1 month ago

A threat actor is selling the customer database of KAMS PARIS, a Parisian niche perfumery founded in 1960 and located at 6 Avenue de l’Opéra, specializing in rare niche perfumes, skincare, and beauty products with delivery across Europe.

Dark Web Informer

FCC Softens Ban on Foreign-Made Routers

darkreading

1 month ago

The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place.

Jai Vijayan

The Threat Window Is Shrinking. The Response Gap Isn't

BankInfoSecurity.com

1 month ago

Patching Workflows Built for Weekly Cycles Can't Survive an Era of Hourly Exploits
AI is shrinking the window between vulnerability disclosure and active exploitation from weeks to hours. But remediation workflows haven't kept pace. Security teams need real-time intelligence, unified IT and security operations, and automated remediation to close the gap before attackers do.

Aggregator

Managed ad