Renault UK Customer Records Stolen in Third-Party Breach
Renault UK warns customers of a third-party data breach exposing personal details, stressing vigilance against fraud and confirming no bank data lost.
Aggregator
IOC Alert: Telegram Bot API Abused for XWorm C2 Communications
8 months 3 weeks ago
IOC Alert: Telegram Bot API Abused for XWorm C2 Communications
Dark Web Informer
Hacker Stole Sensitive Data From FEMA, Border Patrol: Reports
8 months 3 weeks ago
An assessment by DHS found that hackers were able to access FEMA servers by exploiting the CitrixBleed 2 vulnerability and steal data from both that agency and the border patrol office, contradicting an earlier statement by Homeland Security Secretary Kristi Noem that no personal information was taken during the weeks-long breach.
The post Hacker Stole Sensitive Data From FEMA, Border Patrol: Reports appeared first on Security Boulevard.
Jeffrey Burt
Lynx
8 months 3 weeks ago
You must login to view this content
cohenido
Ransom House
8 months 3 weeks ago
You must login to view this content
cohenido
Top 10 Best Brand Protection Solutions for Enterprises in 2025
8 months 3 weeks ago
Brand protection solutions are essential for enterprises in 2025 as digital commerce continues to grow and online threats evolve more rapidly than ever. With the surge in counterfeit products, trademark infringements, phishing attacks, and reputation risks, enterprises must safeguard their intellectual property and digital assets. Choosing the right brand protection tool not only builds consumer […]
The post Top 10 Best Brand Protection Solutions for Enterprises in 2025 appeared first on Cyber Security News.
Cyber Advisory
Here is the email Clop attackers sent to Oracle customers
8 months 3 weeks ago
The emails, which are littered with broken English, aim to instill fear, apply pressure, threaten public exposure and seek negotiation for a ransom payment.
The post Here is the email Clop attackers sent to Oracle customers appeared first on CyberScoop.
Matt Kapko
CVE-2025-61588 | risc0 RISC Zero up to 2.0.x sys_read code injection (GHSA-jqq4-c7wq-36h7 / EUVD-2025-32056)
8 months 3 weeks ago
A vulnerability has been found in risc0 RISC Zero up to 2.0.x and classified as critical. Affected by this issue is the function sys_read. Performing manipulation results in code injection.
This vulnerability is cataloged as CVE-2025-61588. It is possible to initiate the attack remotely. There is no exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2025-61583 | joni1802 ts3-manager up to 2.2.1 Web Interface cross site scripting (GHSA-qw6j-37r6-m93g / EUVD-2025-32058)
8 months 3 weeks ago
A vulnerability was found in joni1802 ts3-manager up to 2.2.1. It has been rated as problematic. This affects an unknown function of the component Web Interface. Performing manipulation results in cross site scripting.
This vulnerability is reported as CVE-2025-61583. The attack is possible to be carried out remotely. No exploit exists.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-58775 | Keyence KV Studio/VT5-WX12/VT5-WX15 stack-based overflow (EUVD-2025-32073)
8 months 3 weeks ago
A vulnerability was found in Keyence KV Studio, VT5-WX12 and VT5-WX15. It has been classified as critical. This impacts an unknown function. Performing manipulation results in stack-based buffer overflow.
This vulnerability is cataloged as CVE-2025-58775. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-56380 | Frappe Framework 15.72.4 API Endpoint frappe.client.get_value fieldname sql injection (EUVD-2025-32134)
8 months 3 weeks ago
A vulnerability classified as critical has been found in Frappe Framework 15.72.4. Affected by this issue is the function frappe.client.get_value of the component API Endpoint. Performing manipulation of the argument fieldname results in sql injection.
This vulnerability is known as CVE-2025-56380. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-61096 | PHPGurukul Online Shopping Portal Project 2.1 /shopping/login.php fullname sql injection (EUVD-2025-32143)
8 months 3 weeks ago
A vulnerability identified as critical has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown function of the file /shopping/login.php. The manipulation of the argument fullname leads to sql injection.
This vulnerability is documented as CVE-2025-61096. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2025-56161 | YOSHOP 2.0 comment-list API User.php information disclosure (EUVD-2025-32191)
8 months 3 weeks ago
A vulnerability marked as problematic has been reported in YOSHOP 2.0. Affected is an unknown function of the file User.php of the component comment-list API. This manipulation causes information disclosure.
This vulnerability appears as CVE-2025-56161. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-56381 | Frappe ERPNext 15.67.0 frappe.desk.reportview.get order_by/group_by sql injection (EUVD-2025-32133)
8 months 3 weeks ago
A vulnerability described as critical has been identified in Frappe ERPNext 15.67.0. This vulnerability affects unknown code of the file /api/method/frappe.desk.reportview.get. Executing manipulation of the argument order_by/group_by can lead to sql injection.
This vulnerability appears as CVE-2025-56381. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-56154 | htmly 3.0.8 /author/:name Name cross site scripting (EUVD-2025-32189)
8 months 3 weeks ago
A vulnerability was found in htmly 3.0.8. It has been classified as problematic. Impacted is an unknown function of the file /author/:name. Performing manipulation of the argument Name results in cross site scripting.
This vulnerability was named CVE-2025-56154. The attack may be initiated remotely. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2025-27261 | Ericsson Indoor Connect 8855 up to 2025.Q1 Configuration Data sql injection (EUVD-2025-31089)
8 months 3 weeks ago
A vulnerability was found in Ericsson Indoor Connect 8855 up to 2025.Q1 and classified as critical. This impacts an unknown function of the component Configuration Data Handler. Executing manipulation can lead to sql injection.
This vulnerability is registered as CVE-2025-27261. It is possible to launch the attack remotely. No exploit is available.
It is suggested to upgrade the affected component.
vuldb.com
CVE-2025-27262 | Ericsson Indoor Connect 8855 up to 2025.Q1 Configuration Data os command injection (EUVD-2025-31101)
8 months 3 weeks ago
A vulnerability identified as critical has been detected in Ericsson Indoor Connect 8855 up to 2025.Q1. The affected element is an unknown function of the component Configuration Data Handler. The manipulation leads to os command injection.
This vulnerability is traded as CVE-2025-27262. An attack has to be approached locally. There is no exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2001-0848 | E-zone Media Fuse Talk 2.0/3.0 join.cfm sql injection (ID 10242 / XFDB-7445)
8 months 3 weeks ago
A vulnerability identified as problematic has been detected in E-zone Media Fuse Talk 2.0/3.0. The affected element is an unknown function of the file join.cfm. The manipulation leads to sql injection.
This vulnerability is referenced as CVE-2001-0848. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2001-0849 | Duncan Hall Viralator 0.7/0.8/0.9 Pre1 Download privileges management (Nessus ID 11107 / ID 10230)
8 months 3 weeks ago
A vulnerability labeled as critical has been found in Duncan Hall Viralator 0.7/0.8/0.9 Pre1. The impacted element is an unknown function of the component Download Handler. The manipulation results in improper privilege management.
This vulnerability is identified as CVE-2001-0849. The attack can be executed remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2001-0853 | Entrust GetAccess All Versions AboutBox.gas.bat locale path traversal (VU#243243 / ID 10229)
8 months 3 weeks ago
A vulnerability classified as problematic was found in Entrust GetAccess All Versions. Affected by this vulnerability is an unknown functionality of the file elpwin.gas.bat/AboutBox.gas.bat. Executing manipulation of the argument locale can lead to path traversal.
This vulnerability is registered as CVE-2001-0853. It is possible to launch the attack remotely. No exploit is available.
vuldb.com