Aggregator

A vulnerability has been found in shishuocms 1.1 and classified as critical. This vulnerability affects the function handleRequest of the file src/main/java/com/shishuo/cms/action/manage/ManageUpLoadAction.java. The manipulation of the argument file leads to unrestricted upload. This vulnerability was named CVE-2025-1890. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #505754 / VDB-298410

Submit #505741 / VDB-298409

A vulnerability, which was classified as problematic, was found in seajs 2.2.3. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-51091. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in OpenID Connect. Affected by this issue is some unknown functionality of the component IETF OAuth 2.0. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-27371. The attack may be launched remotely. There is no exploit available.

A Threat Actor Claims to be Selling Admin Access to a Magento 2-Based Online Store in the UK

Submit #505736 / VDB-298408

A vulnerability classified as problematic was found in mavo 0.3.2. Affected by this vulnerability is an unknown functionality of the component HTML Element Handler. The manipulation leads to HTML injection. This vulnerability is known as CVE-2024-53388. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in umeditor 1.2.3. Affected is an unknown function of the component HTML Element Handler. The manipulation leads to HTML injection. This vulnerability is traded as CVE-2024-53387. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Advanced eMarketing Platform 6.8.3.0. It has been rated as critical. This issue affects some unknown processing of the component OpenLogFile Endpoint. The manipulation of the argument filename leads to path traversal. The identification of this vulnerability is CVE-2023-49031. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in OpenID Connect up to 1.0 errata set 2. It has been declared as problematic. This vulnerability affects unknown code of the component private_key_jwt. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-27370. The attack can be initiated remotely. There is no exploit available.

Submit #505525 / VDB-276807

A vulnerability was found in tsup 8.3.4. It has been classified as problematic. This affects the function document.currentScript of the file cjs_shims.js. The manipulation leads to Privilege Escalation. This vulnerability is uniquely identified as CVE-2024-53384. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in RustCrypto AEADs up to 0.4.2 and classified as problematic. Affected by this issue is some unknown functionality of the component aes-gcm. The manipulation leads to improper verification of cryptographic signature. This vulnerability is handled as CVE-2025-27498. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in ttop32 MouseTooltipTranslator up to 0.1.127 and classified as critical. Affected by this vulnerability is an unknown functionality of the file viewer.html of the component URL Parameter Handler. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2025-25303. The attack can be launched remotely. There is no exploit available.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Giants’ appeared first on Security Boulevard.

Новые метаповерхности смогут не только передавать данные, но и наблюдать за изменениями в пространстве.

Cybersecurity researchers have uncovered a surge in the use of Advanced Encryption Standard (AES) encryption by threat actors to shield malicious payloads from detection. This technique, combined with code virtualization and staged payload delivery, is being employed by malware families such as Agent Tesla, XWorm, and FormBook/XLoader to evade static analysis tools and sandbox environments. […]

The post Threat Actors Exploiting AES Encryption for Stealthy Payload Protection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kaspersky’s latest report on mobile malware evolution in 2024 reveals a significant increase in cyber threats targeting mobile devices. The security firm’s products blocked a staggering 33.3 million attacks involving malware, adware, or unwanted mobile software throughout the year. Mobile Malware Landscape Evolves with New Distribution Schemes Adware continued to dominate the mobile threat landscape, […]

The post 33.3 Million Cyber Attacks Targeted Mobile Devices in 2024 as Threats Surge appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. [...]