Aggregator

A vulnerability was found in OpenEMR up to 5.0.1.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file portal/account/register.php. The manipulation leads to improper authentication. This vulnerability is known as CVE-2018-15152. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Online Voting System 1.0. It has been classified as critical. Affected is an unknown function of the component Password Handler. The manipulation leads to 7pk security features. This vulnerability is traded as CVE-2018-6180. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Open-AudIT Professional 2.1. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Name/Description leads to cross site scripting. This vulnerability is known as CVE-2018-8903. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in OPAC EasyWeb Five 5.7. It has been declared as critical. This vulnerability affects unknown code of the file w2001/index.php?scelta=campi. The manipulation of the argument biblio as part of Parameter leads to sql injection. This vulnerability was named CVE-2018-17428. The attack can be initiated remotely. Furthermore, there is an exploit available.

Linux creator Linus Torvalds announced the release of Linux kernel version 6.16 on July 27, 2025, marking the end of what he described as a “nice and calm” development cycle. The latest stable release brings numerous performance improvements, networking enhancements, and driver fixes across multiple hardware platforms, continuing the kernel’s evolution with focused stability improvements […]

The post Linux 6.16 Released with Performance and Networking Enhancements appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Not all browser add-ons are handy helpers – some may contain far more than you have bargained for

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that enables attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework, potentially exposing sensitive user data including files protected by privacy controls and information cached by Apple Intelligence. Vulnerability Overview The newly discovered vulnerability, dubbed “Sploitlight” by Microsoft researchers, exploits Spotlight plugins to access private […]

The post New macOS Vulnerability Allows Attackers to Steal Private Files by Bypassing TCC appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in MetForm Plugin up to 4.0.1 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument mf-template leads to cross site scripting. This vulnerability is handled as CVE-2025-5684. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in SolarWinds Web Help Desk up to 12.8.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Configuration Handler. The manipulation leads to xml external entity reference. This vulnerability is known as CVE-2025-26400. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

仙女座大星系近旁发现被称为 SDSO1 的星云。根据一篇预印本，SDSO1 可能并非来自仙女座，而是位于银河系内的一个古老行星状星云，被命名为「幽灵行星状星云」（Ghost Planetary Nebula, GPN）。这项研究由多位业余天文摄影师联合完成。研究团队透过影像显示的弓形震波与尾迹结构，并比对银河系内，距离地球约 600 光年的共生双星 EG Andromedae（仙女座EG）的位置与特性，推论这片云气正是由该双星系统在数十万年前抛出的壳层所形成，进而成为行星状星云。分析显示，仙女座EG 以每秒约 107 公里的速度穿越星际介质，因而产生壮观的弓形结构与长达 45 光年的尾迹。这类行星状星云在演化后期已极度稀薄而黯淡，但因与周围介质的高速交互作用才显现，SDSO1 也因此成为已知首个被提出的幽灵行星状星云案例。研究团队还辨识出银河系内另有 7 个具有类似特征的幽灵行星状星云候选天体，显示这类古老天体可能比我们以往认为的更为普遍。

Злоумышленники бесплатно публикуют базы в Telegram назло компаниям.

Two pro-Ukraine hacktivists have claimed responsibility for a destructive attack on Aeroflot

Varonis released Next-Gen Database Activity Monitoring (DAM), a new approach to database security that deploys quickly and overcomes the challenges legacy vendors face in preventing data breaches and ensuring regulatory compliance. Databases are the backbone of the global economy and serve as the central nervous system of AI, yet they’ve never been harder to protect. Lack of competition and complex barriers to entry have stifled innovation in the DAM market. “Legacy DAM solutions use outdated, … More →

The post Varonis unveils Next-Gen Database Activity Monitoring for agentless database security and compliance appeared first on Help Net Security.

Security researchers have examined a complex online shell script called UpdateChecker.aspx that was installed on compromised Internet Information Services (IIS) servers in response to a notable increase in cyberthreats directed at Microsoft Windows installations. This analysis stems from a follow-up investigation by FortiGuard’s Incident Response Team into a prolonged intrusion at a Middle East critical […]

The post Hackers Exploit IIS Servers with New Web Shell Script for Full Remote Control appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Currently trending CVE - Hype Score: 1 - NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data ...

2025年07月21日-2025年07月27日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。国家

Кто бы знал, что один README.md может превратить ИИ-помощника в инструмент слива данных.

基于全球2689个中间件漏洞数据，揭示传统NVD CPE分类粗放、错误率高、更新滞后等痛点。摄星玄猫创新动态资产库与智能分类方案，实现漏洞精准管理，并警示国产中间件风险需重视。

曾几何时，安全运营（SecOps）是一项可控的工作；如今，它却成了复杂性与混乱交锋的战场。