Aggregator

CVE-2025-3751 | TIBCO ActiveMatrix BusinessWorks up to HF-0.x sql injection (HF-01 / EUVD-2025-16052)

11 months 1 week ago

A vulnerability was found in TIBCO ActiveMatrix BusinessWorks up to HF-0.x. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2025-3751. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2025-48069 | Shopify ejson2env up to 2.0.7 os command injection (GHSA-2c47-m757-32g6)

VulDB Recent Entries

11 months 1 week ago

A vulnerability was found in Shopify ejson2env up to 2.0.7. It has been classified as critical. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-48069. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-46822 | OsamaTaher Java-springboot-codebase absolute path traversal (GHSA-q6mm-cm37-w637)

VulDB Recent Entries

11 months 1 week ago

A vulnerability was found in OsamaTaher Java-springboot-codebase and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to absolute path traversal. This vulnerability is handled as CVE-2025-46822. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2025-45752 | SeedDMS 6.0.32 Extension Manager code injection

VulDB Recent Entries

11 months 1 week ago

A vulnerability has been found in SeedDMS 6.0.32 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Extension Manager. The manipulation leads to code injection. This vulnerability is known as CVE-2025-45752. The attack can be launched remotely. There is no exploit available.

vuldb.com

CVE-2025-47291 | containerd up to 2.0.4 privileges assignment (GHSA-cxfp-7pvr-95ff)

VulDB Recent Entries

11 months 1 week ago

A vulnerability, which was classified as problematic, was found in containerd up to 2.0.4. Affected is an unknown function. The manipulation leads to incorrect privilege assignment. This vulnerability is traded as CVE-2025-47291. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-48063 | xwiki-platform up to 16.10.3/17.1.0-rc0 improper authorization (GHSA-rhfv-688c-p6hp)

VulDB Recent Entries

11 months 1 week ago

A vulnerability, which was classified as critical, has been found in xwiki-platform up to 16.10.3/17.1.0-rc0. This issue affects some unknown processing. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-48063. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Pandas Galore: Chinese Hackers Boost Attacks in Latin America

darkreading

11 months 1 week ago

Vixen Panda, Aquatic Panda — both Beijing-sponsored APTs and financially motivated criminal groups continued to pose the biggest threat to organizations in Central and South America last year, says CrowdStrike.

Jai Vijayan, Contributing Writer

CVE-2025-36535 | AutomationDirect MB-Gateway missing authentication (icsa-25-140-09)

VulDB Recent Entries

11 months 1 week ago

A vulnerability classified as very critical was found in AutomationDirect MB-Gateway. This vulnerability affects unknown code. The manipulation leads to missing authentication. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-36535. The attack can be initiated remotely. There is no exploit available.

vuldb.com

Lumma infostealer infected about 10 million systems before global disruption

CyberScoop

11 months 1 week ago

Cybercriminals used the prolific malware to target individuals and businesses, including Fortune 500 companies, according to the FBI.

The post Lumma infostealer infected about 10 million systems before global disruption appeared first on CyberScoop.

Matt Kapko

Cisco security advisory (AV25-288)

CCCS - Alerts and advisories

11 months 1 week ago

Canadian Centre for Cyber Security

GitLab security advisory (AV25-287)

CCCS - Alerts and advisories

11 months 1 week ago

Canadian Centre for Cyber Security