Aggregator

Currently trending CVE - Hype Score: 62 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range ...

Currently trending CVE - Hype Score: 5 - Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

A newly documented vulnerability in Windows’ Out-of-Box-Experience (OOBE) allows users to bypass security restrictions and gain full administrative access to command prompt functionality, even when Microsoft’s intended protective measures are in place. Security researchers have identified an alternative method to exploit Windows OOBE that circumvents the well-known Shift+F10 keyboard shortcut restrictions. The vulnerability enables users […]

The post Windows Out-of-Box-Experience Flaw Enables Full Administrative Command Prompt Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Flowise up to 3.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Custom MCPs Feature. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-8943. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Flowise. It has been classified as problematic. Affected is an unknown function of the component POST Request Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-55346. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in disable-right-click-powered-by-pixterme and pixter-image-digital-license Plugin on WordPress and classified as critical. This issue affects some unknown processing of the component Javascript File Handler. The manipulation leads to inclusion of functionality from untrusted control sphere. The identification of this vulnerability is CVE-2025-8047. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Bosch Rexroth ctrlX OS up to 1.20.1/2.6.1/3.6.2 and classified as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to use of unmaintained third party components. This vulnerability was named CVE-2025-48862. Attacking locally is a requirement. There is no exploit available.

A vulnerability, which was classified as critical, was found in Bosch Rexroth ctrlX OS up to 1.20.1/2.6.1/3.6.2. This affects an unknown part of the component Task API Endpoint. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-48861. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Bosch Rexroth ctrlX OS up to 1.20.1/2.6.1/3.6.2. Affected by this issue is some unknown functionality of the component Web Application. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-48860. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in PPWP Plugin up to 1.9.10 on WordPress. Affected by this vulnerability is an unknown functionality of the component REST API. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is known as CVE-2025-5998. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Cybersecurity firms are reporting a disturbing new trend in 2025: artificial intelligence assistants designed to boost productivity are inadvertently becoming destructive forces, causing massive system failures and data breaches. These incidents represent a fundamental shift from traditional external cybersecurity threats to internal risks created by well-intentioned AI tools operating with excessive permissions and vague instructions […]

The post ‘AI Induced Destruction’ – How AI Misuse is Creating New Attack Vectors appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

西门子RTLS 漏洞可致系统权限被劫持，建议尽快升级

看雪论坛作者ID：梦幻的彼岸

Mac mini M4、大疆 DJI Neo 无人机等大奖等你拿！！！快来组队～

7月网络谣言主要集中在公共政策、突发事件、社会民生等领域，假冒权威、凭空捏造，使用AI合成不实图片和视频，误导公众认知，污染网络生态。网信、公安等部门重拳出击，坚决打击。

近日，国家信息安全漏洞库收到关于Fortinet FortiWeb 安全漏洞（CNNVD-202508-1265、CVE-2025-52970）情况的报送。

近日，微软官方发布了多个安全漏洞的公告，其中微软产品本身漏洞107个，影响到微软产品的其他厂商漏洞0个。

本研究以中国海油为样本，提出“多维协同驱动”的网络安全教育体系创新框架。研究成果不仅为能源行业提供系统性解决方案，更通过教育生态与生产网络的深度耦合，形成立体化的安全防护体系，为国家能源安全保障与数字化转型战略落地提供实践参考。