Aggregator

The Turkish government is proposing a controversial new cybersecurity law that could make it a crimi

A vulnerability has been found in otrok7 BMLT Meeting Map Plugin up to 2.6.1 on WordPress and classified as problematic. This vulnerability affects the function bmlt_meeting_map of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-12494. The attack can be initiated remotely. There is no exploit available.

2025年1月21日，Oracle发布了2025年1月份的安全更新，修复了其多款产品存在的318个安全漏洞。

安全公告编号:CNTA-2025-00012025年1月21日，Oracle发布了2025年1月份的安全更新，修复了其多款产品存在的318个安全漏洞。受影响的产品包括：Oracle Database

Submit #480776 / VDB-278154

A vulnerability, which was classified as problematic, was found in Telstra Smart Modem Gen 2 up to 20250115. This affects an unknown part of the component HTTP Header Handler. The manipulation of the argument Content-Disposition leads to injection. This vulnerability is uniquely identified as CVE-2025-0697. It is possible to initiate the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

Currently trending CVE - hypeScore: 1 - Commands can be injected over the network and executed without authentication.

Currently trending CVE - hypeScore: 1 - Huawei HG532 with some customized versions has a remote code execution vulnerability. An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code.

Currently trending CVE - hypeScore: 1 - Windows BitLocker Information Disclosure Vulnerability

#科技资讯 EPIC 还是这么硬气？为鼓励 iOS 开发者通过 EPIC 商店分发游戏，EPIC 将为开发者支付首年苹果收取的核心技术费。核心技术费按照安装次数收费，每次安装 0.5

Submit #480045 / VDB-293223

Политика платформ привела к бойкоту со стороны реддиторов.

A vulnerability, which was classified as critical, has been found in eminozlem Bootstrap Ultimate Theme up to 1.4.9 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument path leads to path traversal. This vulnerability is handled as CVE-2024-13545. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Node.js. Affected by this vulnerability is an unknown functionality of the component Socket Close Handler. The manipulation leads to memory leak. This vulnerability is known as CVE-2025-23085. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

SentinelOne researchers highlighted similarities in the approaches used by the HellCat and Morpheus ransomware groups, suggesting shared infrastructure

A vulnerability classified as problematic has been found in Node.js on Windows. Affected is an unknown function of the component Drive Name Handler. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-23084. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.