Aggregator
Apple fixes zero-day exploited in 'extremely sophisticated' attacks
1 year 5 months ago
Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and "extremely sophisticated" attacks. [...]
Sergiu Gatlan
Submit #497357: codeprojects Wazifa v1.0 SQL Injection [Accepted]
1 year 5 months ago
Submit #497357 / VDB-295147
eXVtaW5n
Submit #497356: codeprojects Wazifa v1.0 Cross Site Scripting [Accepted]
1 year 5 months ago
Submit #497356 / VDB-295146
eXVtaW5n
Submit #497355: codeprojects Wazifa v1.0 Cross Site Scripting [Accepted]
1 year 5 months ago
Submit #497355 / VDB-295145
eXVtaW5n
CVE-2025-1207 | phjounin TFTPD64 4.64 DNS denial of service
1 year 5 months ago
A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service.
This vulnerability was named CVE-2025-1207. The attack needs to be done within the local network. Furthermore, there is an exploit available.
vuldb.com
Ubuntu security advisory (AV25-067)
1 year 5 months ago
Canadian Centre for Cyber Security
IBM security advisory (AV25-066)
1 year 5 months ago
Canadian Centre for Cyber Security
Submit #497249: PJO2 TFTPD64 v4.64 Denial of Service [Accepted]
1 year 5 months ago
Submit #497249 / VDB-295144
Senatorhotchkiss
A Threat Actor Claims to be Selling the Data of Cin Learn
1 year 5 months ago
A Threat Actor Claims to be Selling the Data of Cin Learn
Dark Web Informer - Cyber Threat Intelligence
Submit #497045: ofcms 1.1.3 Overreach of authority [Duplicate]
1 year 5 months ago
Submit #497045 / VDB-196788
Caigo
Submit #497043: ofcms 1.1.3 Overstepping your authority [Duplicate]
1 year 5 months ago
Submit #497043 / VDB-196788
Caigo
CVE-2025-1206 | Codezips Gym Management System 1.0 viewdetailroutine.php id sql injection
1 year 5 months ago
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the argument id leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-1206. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-42513 | OPC UA .NET Standard Stack prior 1.5.374.158 HTTPS Endpoint improper authentication
1 year 5 months ago
A vulnerability was found in OPC UA .NET Standard Stack and classified as critical. Affected by this issue is some unknown functionality of the component HTTPS Endpoint Handler. The manipulation leads to improper authentication.
This vulnerability is handled as CVE-2024-42513. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-42512 | OPC UA .NET Standard Stack prior 1.5.374.158 Basic128Rsa15 Security Policy improper authentication
1 year 5 months ago
A vulnerability has been found in OPC UA .NET Standard Stack and classified as critical. Affected by this vulnerability is an unknown functionality of the component Basic128Rsa15 Security Policy. The manipulation leads to improper authentication.
This vulnerability is known as CVE-2024-42512. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2009-3802 | Amiro.CMS up to 5.4.0.0 Error Message input validation (EDB-9867 / XFDB-53894)
1 year 5 months ago
A vulnerability classified as problematic has been found in Amiro.CMS up to 5.4.0.0. This affects an unknown part of the component Error Message Handler. The manipulation leads to improper input validation.
This vulnerability is uniquely identified as CVE-2009-3802. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Hacker pleads guilty to SIM swap attack on US SEC X account
1 year 5 months ago
Today, an Alabama man pleaded guilty to hijacking the U.S. Securities and Exchange Commission (SEC) account on X in a January 2024 SIM swapping attack. [...]
Sergiu Gatlan
Submit #496961: Codezips Gym Management System in PHP with Source Code V1.0 SQL Injection [Accepted]
1 year 5 months ago
Submit #496961 / VDB-295143
sekainosakura
MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier
1 year 5 months ago
We’re just getting started down the road to the Internet of Everything (IoE.)
Related: IoT growing at a 24% clip
To get there – to fully tap the potential of a hyper-interconnected ecosystem where devices, data, AI and humans converge … (more…)
The post MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier first appeared on The Last Watchdog.
The post MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier appeared first on Security Boulevard.
bacohido
CVE-2024-57408 | cool-admin-java 1.0 File /comm/upload unrestricted upload
1 year 5 months ago
A vulnerability, which was classified as critical, was found in cool-admin-java 1.0. Affected is an unknown function of the file /comm/upload of the component File Handler. The manipulation leads to unrestricted upload.
This vulnerability is traded as CVE-2024-57408. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com