Aggregator

CVE-2025-44012 | QNAP Qsync Central up to 5.0.0.1 allocation of resources (qsa-25-35)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in QNAP Qsync Central up to 5.0.0.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to allocation of resources. This vulnerability is documented as CVE-2025-44012. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-44007 | QNAP Qsync Central up to 5.0.0.0 allocation of resources (qsa-25-34)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in QNAP Qsync Central up to 5.0.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to allocation of resources. This vulnerability is registered as CVE-2025-44007. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-44006 | QNAP Qsync Central up to 5.0.0.0 allocation of resources (qsa-25-34)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in QNAP Qsync Central up to 5.0.0.0. It has been classified as critical. Affected is an unknown function. Performing manipulation results in allocation of resources. This vulnerability is cataloged as CVE-2025-44006. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-61593 | Cursor up to 1.7 CLI Agent /.cursor/cli.json case sensitivity (GHSA-x2vq-h6v6-jhc6 / EUVD-2025-32310)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in Cursor up to 1.7 and classified as problematic. This impacts an unknown function of the file /.cursor/cli.json of the component CLI Agent. Such manipulation leads to improper handling of case sensitivity. This vulnerability is listed as CVE-2025-61593. The attack may be performed from remote. There is no available exploit.
vuldb.com

Beyond SAST and DAST Tools: Using IAST to Pinpoint Exploitable Application Vulnerabilities

Security Boulevard
8 months 3 weeks ago

Software is the backbone of modern business, but it's also a major source of risk, with Mandiant's M-Trends 2025 report revealing that 33% of all breaches begin with a vulnerability exploit. For many developers and security teams, the constant pressure of finding and fixing vulnerabilities feels like a losing battle. Our 2025 Software Under Siege report confirms why: the average application faces 17 new vulnerabilities every month, while development teams can typically only remediate six in the same period. This growing backlog is made worse by traditional security tools that are often noisy, slow, and can't keep up with the rapid pace of development. The biggest pain point is knowing which vulnerabilities are actually exploitable in your running application and which are just theoretical, buried deep in your codebase but never called. According to our research, the average production application has nearly 30 serious, exploitable vulnerabilities and is targeted by 81 confirmed, viable attacks each month that evade perimeter defenses. This "signal vs. noise" problem leads to wasted time and effort chasing down issues that pose no real threat, while the truly dangerous ones might be missed.

To effectively secure your applications, you need a solution that goes beyond the old-school methods. Let's take a look at the evolution of application security testing, from static and dynamic analysis to the more modern approach of interactive testing.

The post Beyond SAST and DAST Tools: Using IAST to Pinpoint Exploitable Application Vulnerabilities appeared first on Security Boulevard.

Tony Bailey

CVE-2025-61590 | Cursor up to 1.6 Visual Studio Code Workspace vscode/settings.json code injection (GHSA-xg6w-rmh5-r77r)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Cursor up to 1.6. The impacted element is an unknown function of the file vscode/settings.json of the component Visual Studio Code Workspace Handler. The manipulation results in code injection. This vulnerability is identified as CVE-2025-61590. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-33039 | QNAP Qsync Central up to 5.0.0.0 allocation of resources (qsa-25-34)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in QNAP Qsync Central up to 5.0.0.0. The affected element is an unknown function. The manipulation leads to allocation of resources. This vulnerability is referenced as CVE-2025-33039. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

How Shadow IT Leaves Every Industry in the Dark

Netscout
8 months 3 weeks ago
Shadow IT is everywhere. What began with employees or departments bringing familiar tools such as personal email or file-sharing apps into the workplace has grown into unauthorized software-as-a-service (SaaS) platforms, mobile apps, and artificial intelligence (AI). With just a few clicks, these tools become part of...
Anthony Cote

USENIX 2025: PEPR ’25 – Safetypedia: Crowdsourcing Privacy Inspections

Security Boulevard
8 months 3 weeks ago

Creators, Authors And Presenters: Lisa LeVasseur and Bryce Simpson, Internet Safety Labs

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s’ YouTube channel.

Permalink

The post USENIX 2025: PEPR ’25 – Safetypedia: Crowdsourcing Privacy Inspections appeared first on Security Boulevard.

Marc Handelman

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

The Hackers News
8 months 3 weeks ago
A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has been tracking Detour Dog since August 2023, when
The Hacker News

CVE-2024-47055 | Mautic up to 5.2.5/6.0.1 Segment Cloning authorization (GHSA-vph5-ghq3-q782)

Vuldb Updates
8 months 3 weeks ago
A vulnerability categorized as problematic has been discovered in Mautic up to 5.2.5/6.0.1. This affects an unknown part of the component Segment Cloning. Executing manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2024-47055. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-48931 | TeleMessage Service up to 2025-05-05 Password weak hash

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as problematic was found in TeleMessage Service up to 2025-05-05. Affected by this vulnerability is an unknown functionality of the component Password Handler. The manipulation results in use of weak hash. This vulnerability is cataloged as CVE-2025-48931. The attack must be initiated from a local position. Furthermore, there is an exploit available. This product is a managed service, so users are unable to manage vulnerability countermeasures on their own.
vuldb.com

CVE-2025-9023 | Tenda AC7/AC18 15.03.05.19/15.03.06.44 /goform/SetLEDCfg formSetSchedLed Time buffer overflow

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in Tenda AC7 and AC18 15.03.05.19/15.03.06.44. It has been classified as critical. This impacts the function formSetSchedLed of the file /goform/SetLEDCfg. The manipulation of the argument Time leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-9023. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2025-10674 | fuyang_lipengjun platform 1.0 queryAll AttributeCategoryController improper authorization

Vuldb Updates
8 months 3 weeks ago
A vulnerability categorized as problematic has been discovered in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-10674. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad