Aggregator

A vulnerability was found in Armorlogic Profense Web Application Firewall up to 2.2.20. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2009-1593. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in YourFreeWorld Programs Rating Script. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file rate.php. The manipulation of the argument ID leads to cross site scripting. This vulnerability is known as CVE-2009-4690. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Phpee Pphlogger 2.2.5. Affected by this issue is some unknown functionality of the file dspStats.php. The manipulation of the argument Edit leads to cross site scripting. This vulnerability is handled as CVE-2009-4253. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Raphael Mazoyer PointComma up to 3.53. It has been rated as critical. This issue affects some unknown processing of the file includes/classes/pctemplate.php. The manipulation of the argument pcConfig[smartyPath] leads to code injection. The identification of this vulnerability is CVE-2009-4220. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Microsoft 365 Copilot Business Chat. Affected is an unknown function. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-53787. It is possible to launch the attack remotely. There is no exploit available. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves.

Currently trending CVE - Hype Score: 18 - Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this ...

Currently trending CVE - Hype Score: 9 - StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.

VexTrio, a sophisticated threat actor known for operating a massive traffic distribution system (TDS), has expanded its malicious activities by deploying fake VPN applications on major app stores, including Google Play and the Apple App Store. Originating from a merger between Italian spammers and Eastern European developers around 2020, VexTrio’s TDS facilitates the redirection of […]

The post VexTrio TDS Deploys Malicious VPN Apps on Google Play and App Store appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

За фемтосекунды до смерти молекула выдала свои квантовые секреты.

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. This vulnerability was named CVE-2025-8752. The attack can be initiated remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

A vulnerability was found in VMware ESXi, Workstation, Fusion and Cloud Foundation. It has been declared as problematic. This vulnerability affects unknown code of the component GuestInfo. The manipulation leads to denial of service. This vulnerability was named CVE-2020-3999. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEAS_AlarmResult/GetAlarmResultProcessList of the component Analysis Conclusion Query Module. The manipulation of the argument resultId leads to sql injection. The identification of this vulnerability is CVE-2025-8704. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetConfig of the component Energy Overview Module. The manipulation of the argument BP_ProID leads to sql injection. This vulnerability is traded as CVE-2025-8705. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /CommonSolution/CreateFunctionLog of the component Energy Overview Module. The manipulation of the argument MM_MenID leads to sql injection. This vulnerability is known as CVE-2025-8706. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #623679 / VDB-319246

A vulnerability was found in Protected Total WebShield Extension up to 3.2.0 on Chrome. It has been classified as problematic. This affects an unknown part of the component Block Page. The manipulation of the argument Category leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8751. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

半年融资 3 个亿，前地平线、理想高管做了一只机器狗。

U.S. authorities have announced the successful dismantling of the BlackSuit ransomware operation, a notorious group linked to attacks on more than 450 organizations worldwide. The operation, led by Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI), involved seizing servers, domains, and digital assets used for deploying ransomware, extorting victims, and laundering illicit profits. BlackSuit, […]

The post US Confirms Shutdown of BlackSuit Ransomware That Hacked Over 450 Organizations appeared first on Cyber Security News.

Submit #623677 / VDB-319245

Радио с шифром — а враг уже в эфире.