Aggregator

CVE-2025-34052 | AVTECH IP Cameras/DVR/NVR Machine.cgi?action=get_capability information disclosure (Exploit 40500 / EUVD-2025-19646)

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as problematic, was found in AVTECH IP Cameras, DVR and NVR. Affected is an unknown function of the file Machine.cgi?action=get_capability. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-34052. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-34064 | One Identity OneLogin Active Directory Connector up to 6.1.4 JWT Signing Key exposure of resource (EUVD-2025-19634)

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as problematic, has been found in One Identity OneLogin Active Directory Connector up to 6.1.4. This issue affects some unknown processing of the component JWT Signing Key Handler. The manipulation leads to exposure of resource. The identification of this vulnerability is CVE-2025-34064. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-34062 | One Identity OneLogin Active Directory Connector up to 6.1.4 JWT Signing Key configuration endpoint information disclosure (EUVD-2025-19636)

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as problematic was found in One Identity OneLogin Active Directory Connector up to 6.1.4. This vulnerability affects unknown code of the file /api/adc/v4/configuration endpoint of the component JWT Signing Key Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-34062. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-34056 | AVTECH IP Camera/DVR/NVR System Command PwdGrp.cgi pwd/grp os command injection (Exploit 40500 / EUVD-2025-19642)

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as critical has been found in AVTECH IP Camera, DVR and NVR. This affects an unknown part of the file PwdGrp.cgi of the component System Command Handler. The manipulation of the argument pwd/grp leads to os command injection. This vulnerability is uniquely identified as CVE-2025-34056. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-34055 | AVTECH IP Camera/DVR/NVR up to T717-T717-T717-T717 adcommand.cgi strCmd os command injection (Exploit 40500 / EUVD-2025-19643)

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in AVTECH IP Camera, DVR and NVR. It has been rated as critical. Affected by this issue is some unknown functionality of the file adcommand.cgi. The manipulation of the argument strCmd leads to os command injection. This vulnerability is handled as CVE-2025-34055. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-34059 | Zhejiang Dahua Smart Cloud Gateway Registration Management Platform /index.php/User/doLogin sql injection (CNVD-2024-38747 / EUVD-2025-19638)

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in Zhejiang Dahua Smart Cloud Gateway Registration Management Platform. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php/User/doLogin. The manipulation of the argument Username leads to sql injection. This vulnerability is known as CVE-2025-34059. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-34058 | Hikvision Streaming Media Management Server 2.3.5 /systemLog/downFile.php fileName weak password (CNVD-2021-14544 / EUVD-2025-19639)

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in Hikvision Streaming Media Management Server 2.3.5. It has been classified as critical. Affected is an unknown function of the file /systemLog/downFile.php. The manipulation of the argument fileName leads to weak password requirements. This vulnerability is traded as CVE-2025-34058. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-34060 | Monero Forum /get/image/ file_get_contents Link deserialization (EUVD-2025-19637)

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in Monero Forum and classified as critical. This issue affects the function file_get_contents of the file /get/image/. The manipulation of the argument Link leads to deserialization. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2025-34060. The attack may be initiated remotely. There is no exploit available.
vuldb.com

Qilin

Dark Feed IO
9 months 1 week ago

You must login to view this content

cohenido

Qilin

Dark Feed IO
9 months 1 week ago

You must login to view this content

cohenido

Snake Keyloggers Exploit Java Utilities to Evade Detection by Security Tools

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

The S2 Group Intelligence team has uncovered a Russian-origin malware known as Snake Keylogger, a stealer coded in .NET, leveraging legitimate Java utilities to bypass security tools. This operation, distributed via a Malware as a Service (MaaS) model, targets diverse victims, including companies, governments, and individuals, with a particular focus on the oil industry during […]

The post Snake Keyloggers Exploit Java Utilities to Evade Detection by Security Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2022-49066 | Linux Kernel up to 5.17.3 include/linux/skbuff.h skb_headlen privilege escalation (Nessus ID 241018)

Vuldb Updates
9 months 1 week ago
A vulnerability was found in Linux Kernel up to 5.17.3. It has been rated as problematic. This issue affects the function skb_headlen in the library include/linux/skbuff.h. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2022-49066. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-49429 | Linux Kernel up to 5.18.2 RDMA hfi1_write_iter null pointer dereference (Nessus ID 241018)

Vuldb Updates
9 months 1 week ago
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.18.2. Affected by this issue is the function hfi1_write_iter of the component RDMA. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2022-49429. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad