Aggregator

A vulnerability labeled as critical has been found in Vasion Print Virtual Appliance Host and Print Application. The impacted element is an unknown function of the file /var/www/app/console_release/lexmark/dellCheck.php. The manipulation of the argument printer_vo results in missing authentication. This vulnerability is reported as CVE-2025-34232. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Vasion Print Virtual Appliance Host and Print Application. The affected element is an unknown function of the file /var/www/app/console_release/hp/log_off_single_sign_on.php. The manipulation of the argument printer_vo leads to missing authentication. This vulnerability is documented as CVE-2025-34230. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in Vasion Print Virtual Appliance Host and Print Application. Impacted is the function console_release of the file /var/www/app/console_release/hp/installApp.php. Executing manipulation of the argument printer_vo can lead to missing authentication. This vulnerability is registered as CVE-2025-34229. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host and Print Application. It has been rated as critical. This issue affects the function curl_exec/file_get_contents of the file /var/www/app/console_release/lexmark/update.php. Performing manipulation results in missing authentication. This vulnerability is cataloged as CVE-2025-34228. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Vasion Print Virtual Appliance Host and Print Application. It has been declared as problematic. This vulnerability affects the function file_get_contents. Such manipulation leads to protection mechanism failure. This vulnerability is listed as CVE-2025-34233. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host and Print Application. It has been classified as critical. This affects the function curl_exec/file_get_contents of the file console_release. This manipulation causes missing authentication. This vulnerability is tracked as CVE-2025-34225. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Vasion Print Virtual Appliance Host and Print Application and classified as critical. Affected by this issue is some unknown functionality of the file console_release. The manipulation results in missing authentication. This vulnerability is identified as CVE-2025-34224. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

Western Digital has released security updates for a critical vulnerability affecting multiple My Cloud network-attached storage (NAS) devices. The flaw, tracked as CVE-2025-30247, could allow a remote attacker to execute arbitrary code on vulnerable systems, potentially leading to a complete device takeover. The company addressed the high-severity issue in My Cloud Firmware version 5.31.108, which […]

The post Critical Western Digital My Cloud NAS Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.

A vulnerability has been found in Vasion Print Virtual Appliance Host and Print Application and classified as critical. Affected by this vulnerability is the function HPCertificateController of the file /var/www/app/routes/web.php. The manipulation leads to missing authentication. This vulnerability is referenced as CVE-2025-34222. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Vasion Print Virtual Appliance Host and Print Application. Affected is an unknown function of the file /admin/query/update_database.php of the component Installation Web Interface. Executing manipulation of the argument root_user/root_password can lead to hard-coded credentials. The identification of this vulnerability is CVE-2025-34223. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

Broadcom released VMSA-2025-0016 to address three key vulnerabilities affecting VMware vCenter Server and NSX products. The vulnerabilities include an SMTP header injection in vCenter (CVE-2025-41250) and two distinct username enumeration flaws in NSX (CVE-2025-41251 and CVE-2025-41252). All three are rated in the Important severity range with CVSSv3 scores between 7.5 and 8.5. CVE ID Description CVSSv3 Affected […]

The post VMware vCenter and NSX Flaws Allow Hackers to Enumerate Usernames appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

近期，该恶意软件的开发者新增了后门组件，使攻击者能以隐蔽方式持续控制已攻陷的系统。

企业应将AI安全列为公司发展的优先事项，建立清晰的治理框架，并确保网络安全团队接受过应对新兴AI驱动威胁的培训。

Open-source software is everywhere. It runs the browsers we use, the apps we rely on, and the infrastructure that keeps businesses connected. For many security leaders, it is simply part of the environment, not something they think about every day. That is where trouble can start. James Cusick, a researcher at Ritsumeikan University, recently set out to answer a question: how secure is the code we depend on? His study looked at both open-source and … More →

The post The hidden risks inside open-source code appeared first on Help Net Security.

Apple has rolled out security updates across its operating systems to address a vulnerability in the Font Parser component that could allow malicious fonts to crash applications or corrupt process memory. The vulnerability, identified as CVE-2025-43400, affects a wide range of products, including the newly released macOS Tahoe and iOS 26, as well as older […]

The post Apple Font Parser Vulnerability Enables Malicious Fonts to Corrupt Process Memory appeared first on Cyber Security News.

大语言模型（LLMs）在AI应用中发挥重要作用，但提示注入攻击威胁其安全。此类攻击通过恶意输入操控模型输出，导致数据泄露、不当行为或有害内容生成。防范需采用多层策略，包括参数化、输入验证和人工监督。

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to

美国网络安全机构CISA将影响Linux系统Sudo工具的严重漏洞CVE-2025-32463加入已知被利用漏洞目录，该漏洞允许攻击者以root权限执行任意命令。同时新增四例被利用漏洞，并敦促相关机构在10月20日前修复。

In this Help Net Security interview, Vivien Bilquez, Global Head of Cyber Resilience at Zurich Resilience Solutions, discusses how organizations are rethinking cyber resilience. He talks about the priorities CISOs should focus on and the risks that are often overlooked. Bilquez also explains how to align cybersecurity efforts with business goals to gain executive support. What trends or emerging threats are pushing organizations to rethink their resilience strategies? AI is making it easier for attackers … More →

The post Cyber risk quantification helps CISOs secure executive support appeared first on Help Net Security.