Aggregator

CVE-2025-52042 | Frappe ERPNext 15.57.5 request_for_quotation.py get_rfq_containing_supplier txt sql injection

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability marked as critical has been reported in Frappe ERPNext 15.57.5. Affected by this vulnerability is the function get_rfq_containing_supplier of the file erpnext/buying/doctype/request_for_quotation/request_for_quotation.py. The manipulation of the argument txt leads to sql injection. This vulnerability is referenced as CVE-2025-52042. Remote exploitation of the attack is possible. No exploit is available. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2025-20357 | Cisco Cyber Vision up to 5.2.1 Reports Page cross site scripting (cisco-sa-cv-xss-rwRAKAJ9)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability labeled as problematic has been found in Cisco Cyber Vision up to 5.2.1. Affected is an unknown function of the component Reports Page. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-20357. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-20356 | Cisco Cyber Vision up to 5.2.1 Web-based Management Interface cross site scripting (cisco-sa-cv-xss-rwRAKAJ9)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability identified as problematic has been detected in Cisco Cyber Vision. This impacts an unknown function of the component Web-based Management Interface. Performing manipulation results in cross site scripting. This vulnerability was named CVE-2025-20356. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2025-20361 | Cisco Unified Communications Manager up to 15SU2 Web-based Management Interface cross site scripting (cisco-sa-cucm-stored-xss-Fnj66YLy)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability categorized as problematic has been discovered in Cisco Unified Communications Manager. This affects an unknown function of the component Web-based Management Interface. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-20361. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

Microsoft Previews Graph Framework to Better Integrate Cybersecurity Tools

Security Boulevard
8 months 3 weeks ago

Microsoft this week began previewing an instance of a graph that is specifically designed to facilitate integration of disparate cybersecurity tools and platforms. Based on a data lake that is now generally available and an instance of a Model Context Protocol (MCP) server, the Microsoft Sentinel graph promises to make it simpler for cybersecurity teams..

The post Microsoft Previews Graph Framework to Better Integrate Cybersecurity Tools appeared first on Security Boulevard.

Michael Vizard

New Google Drive Desktop Feature adds AI-powered Ransomware Detection to Prevent Cyberattacks

Cyber Security News
8 months 3 weeks ago

Google has introduced a new AI-powered ransomware detection feature for Google Drive for desktop, designed to block cyberattacks and protect user files automatically. This enhancement adds a significant layer of security for users of Windows and macOS, addressing the persistent and costly threat of ransomware. Ransomware continues to be a major cybersecurity challenge for organizations […]

The post New Google Drive Desktop Feature adds AI-powered Ransomware Detection to Prevent Cyberattacks appeared first on Cyber Security News.

Guru Baran

CVE-2022-49860 | Linux Kernel up to 5.15.78/6.0.8 dmaengine device_register memory leak (WID-SEC-2025-0922)

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 5.15.78/6.0.8. Affected is the function device_register of the component dmaengine. The manipulation results in memory leak. This vulnerability is known as CVE-2022-49860. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.
vuldb.com

CVE-2022-49861 | Linux Kernel up to 6.0.8 dmaengine mv_xor_v2_remove memory leak (Nessus ID 240793 / WID-SEC-2025-0922)

Vuldb Updates
8 months 3 weeks ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.0.8. Affected by this vulnerability is the function mv_xor_v2_remove of the component dmaengine. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2022-49861. The attack can only be initiated within the local network. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-57258 | DENEX U-Boot prior 2025.01-rc1 Memory Allocator integer overflow (EUVD-2025-4757 / Nessus ID 216981)

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in DENEX U-Boot. This affects an unknown part of the component Memory Allocator. The manipulation leads to integer overflow. This vulnerability is referenced as CVE-2024-57258. The attack can only be performed from a local environment. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

New FlipSwitch Hooking Technique Bypasses Linux Kernel Defenses

Cyber Security News
8 months 3 weeks ago

The cybersecurity landscape witnessed the emergence of a sophisticated rootkit variation, FlipSwitch, targeting modern Linux kernels. First surfacing in late September 2025, FlipSwitch exploits recent changes in syscall dispatching to implant stealthy hooks directly into kernel code. Early indicators suggest attackers leverage this novel approach to evade traditional detection, compromising critical infrastructure and cloud environments. […]

The post New FlipSwitch Hooking Technique Bypasses Linux Kernel Defenses appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2024-36977 | Linux Kernel up to 6.1.91/6.6.31/6.8.10/6.9.1 dwc3 IP/revisions send_gadget_ep_cmd denial of service

Vuldb Updates
8 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.91/6.6.31/6.8.10/6.9.1. This affects the function send_gadget_ep_cmd of the file IP/revisions of the component dwc3. The manipulation results in denial of service. This vulnerability is cataloged as CVE-2024-36977. The attack must originate from the local network. There is no exploit available. You should upgrade the affected component.
vuldb.com

Managed ad