Aggregator

A vulnerability classified as critical was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-8907. An attack has to be approached locally. Furthermore, there is an exploit available. The vendor explains: "[T]he device only has configuration files and does not actually have boa functionality. It is impossible to access or upload files anonymously to the device through boa services".

Submit #626276 / VDB-319862

Submit #624554 / VDB-319861

Google has released a critical security update for its Chrome browser, addressing six security vulnerabilities, including three high-severity flaws that could potentially allow arbitrary code execution on affected systems. The stable channel update, version 139.0.7258.127/.128 for Windows and Mac, and 139.0.7258.127 for Linux, was announced on August 12, 2025, and will roll out to users […]

The post Chrome Security Update Fixes High-Severity Flaws Allowing Arbitrary Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability in the Fortinet FortiSIEM platform allows unauthenticated attackers to execute arbitrary commands remotely.  The vulnerability CVE-2025-25256, classified as CWE-78 (OS Command Injection), has been actively exploited in the wild with practical exploit code already circulating among threat actors. Key Takeaways1. Critical FortiSIEM flaw actively exploited with PoC in the wild.2. Targets […]

The post Critical FortiSIEM Vulnerability Lets Attackers Execute Malicious Commands – PoC Found in the Wild appeared first on Cyber Security News.

研究人员发现了一种新型勒索软件Charon，针对中东公共部门和航空业展开定向攻击。该恶意软件采用DLL侧加载等高级技术，并具备破坏安全服务、删除备份等功能。其攻击手法可能与地球百 Xia 组织相关联。

Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East's public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, exhibited tactics mirroring those of advanced persistent threat (APT) groups, such as DLL side-loading, process injection, and the ability

A critical security vulnerability in Fortinet’s FortiWeb web application firewall has been discovered that allows unauthenticated attackers to bypass authentication and impersonate any existing user on affected devices. The flaw, tracked as CVE-2025-52970 and dubbed “Fort-Majeure” by its discoverer, stems from improper parameter handling in the application’s cookie parsing mechanism. Vulnerability Details and Impact The […]

The post FortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing User appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Debian GNU/Hurd 2025 发布，基于微内核架构的 GNU Hurd 内核已有逾 30 年历史但尚未发布 1.0 版本。该发行版支持 i386 和 amd64 架构，包含 72% 的 Debian 软件包，并基于 Debian "Trixie" 稳定版构建。目前仍为不稳定版本快照。

使用 GNU Hurd 内核的发行版释出了最新的 Debian GNU/Hurd 2025。基于微内核架构的 GNU Hurd 至今有逾 30 历史，但 1.0 版本还未发布，最新的稳定版本还是 2016 年的 v0.9。Debian GNU/Hurd 2025 支持 i386 架构和 amd64 架构，基于最近发布的 Debian “Trixie”稳定版，包含 72% 的 Debian 软件包，它仍然是不稳定版本的快照。

A vulnerability classified as critical has been found in Alpine iLX-507 6.0.000. This affects an unknown part of the component TIDAL. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2025-8476. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. This vulnerability is traded as CVE-2025-8543. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The identification of this vulnerability is CVE-2025-8542. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. This vulnerability was named CVE-2025-8541. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8540. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. This vulnerability is handled as CVE-2025-8539. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. This vulnerability is known as CVE-2025-8538. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8510. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue. The vendor initially closed the original advisory without requesting a CVE.

A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_cad.php. The manipulation of the argument matricula leads to cross site scripting. This vulnerability is handled as CVE-2025-8509. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.9. It has been classified as problematic. Affected is an unknown function of the file /intranet/educar_funcao_lst.php. The manipulation of the argument nm_funcao/abreviatura leads to cross site scripting. This vulnerability is traded as CVE-2025-8507. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.