Aggregator

CVE-2018-15686 | Oracle Communications Cloud Native Core Network Function Cloud Native Environment Calico deserialization (EDB-45714 / Nessus ID 266232)

Vuldb Updates
8 months 3 weeks ago
A vulnerability categorized as critical has been discovered in Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.4.0. This impacts an unknown function of the component Calico. Such manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2018-15686. Local access is required to approach this attack. Moreover, an exploit is present. It is advisable to upgrade the affected component.
vuldb.com

Shutdown Snares Federal Cybersecurity Personnel

Ransomware DataBreachToday.com
8 months 3 weeks ago
US Cyber Defense Agency Faces 65% Furlough Rate Amid Federal Shutdown
The U.S. federal government shutdown has slashed staff at the nation's cyber defense agency and other key cyber entities, freezing daily operations, stalling grants and weakening threat coordination as state and local systems brace for lapses in federal support.

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA News
8 months 3 weeks ago

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

These types of vulnerabilities are frequent attack vector for malicious cyber actors and pose significant risks to the federal enterprise. 

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

CISA

CISA Releases Two Industrial Control Systems Advisories

CISA News
8 months 3 weeks ago

CISA released two Industrial Control Systems (ICS) advisories on October 2, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA

Automating Pentest Delivery: 7 Key Workflows for Maximum Impact

The Hackers News
8 months 3 weeks ago
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to
The Hacker News

Release Notes: Palo Alto Networks, Microsoft, IBM Connectors and 2,300+ Suricata Rules

Anyrun
8 months 3 weeks ago

September brought big updates to ANY.RUN. From four new connectors that plug our sandbox and threat intelligence straight into the world’s top SIEM and SOAR platforms, to a redesigned Threat Intelligence Lookup home screen built for speed and simplicity, your SOC now works smarter and faster than ever.   Add in 99 fresh signatures, 11 new YARA rules, and 2,322 […]

The post Release Notes: Palo Alto Networks, Microsoft, IBM Connectors and 2,300+ Suricata Rules appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

The Hackers News
8 months 3 weeks ago
From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real
The Hacker News

Google Mandiant Probes New Oracle Extortion Wave Possibly Linked to Cl0p Ransomware

The Hackers News
8 months 3 weeks ago
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. "This activity began on or
The Hacker News

CVE-2025-40992 | Creativeitem Sociopro Query update_profile Name cross site scripting

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability labeled as problematic has been found in Creativeitem Sociopro. The affected element is an unknown function of the file /sociopro/profile/update_profile of the component Query Handler. Executing manipulation of the argument Name can lead to cross site scripting. This vulnerability appears as CVE-2025-40992. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2025-54293 | Canonical LXD up to 5.21.3/6.4 Log File path traversal (GHSA-472f-vmf2-pr3h)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability identified as critical has been detected in Canonical LXD up to 5.21.3/6.4. Impacted is an unknown function of the component Log File Handler. Performing manipulation results in path traversal. This vulnerability is reported as CVE-2025-54293. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2025-40989 | Creativeitem Ekushey CRM 5.0 Query add Message cross site scripting

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability categorized as problematic has been discovered in Creativeitem Ekushey CRM 5.0. This issue affects some unknown processing of the file /ekushey/index.php/client/project_message/add/ of the component Query Handler. Such manipulation of the argument Message leads to cross site scripting. This vulnerability is documented as CVE-2025-40989. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2025-40991 | Creativeitem Ekushey CRM 5.0 Query upload Description cross site scripting

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in Creativeitem Ekushey CRM 5.0. It has been rated as problematic. This vulnerability affects unknown code of the file /ekushey/index.php/client/project_file/upload/ of the component Query Handler. This manipulation of the argument Description causes cross site scripting. This vulnerability is registered as CVE-2025-40991. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

CVE-2025-40990 | Creativeitem Ekushey CRM 5.0 Query create title/description cross site scripting

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in Creativeitem Ekushey CRM 5.0. It has been declared as problematic. This affects an unknown part of the file /ekushey/index.php/client/project_bug/create/ of the component Query Handler. The manipulation of the argument title/description results in cross site scripting. This vulnerability is cataloged as CVE-2025-40990. The attack may be launched remotely. There is no exploit available.
vuldb.com

Managed ad