Aggregator

A vulnerability identified as problematic has been detected in bytecodealliance wasmtime up to 24.0.3/33.0.1/34.0.1. This vulnerability affects the function path_open of the component WASIp1 Handler. The manipulation leads to operation on a resource after expiration. This vulnerability is listed as CVE-2025-53901. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Config Pages Viewer up to 1.0.3 on Drupal. This impacts an unknown function. The manipulation results in missing authentication. This vulnerability is cataloged as CVE-2025-7031. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in n8n up to 1.99.0. This affects an unknown function of the file /rest/executions/. Such manipulation leads to missing authorization. This vulnerability is listed as CVE-2025-52554. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in Redis up to 7.2.5 and classified as problematic. Affected is the function bit_tohex of the file deps/lua/src/lua_bit.c. Performing manipulation results in integer overflow. This vulnerability is known as CVE-2024-31449. Access to the local network is required for this attack. No exploit is available. The affected component should be upgraded.

In breach notifications submitted to regulators in Maine and Vermont, Chess.com explained that 4,541 people had personal information exposed to hackers who breached an unnamed file transfer application between June 5 and June 18.

Команда из Кембриджа раскрыла результаты четырёхлетнего эксперимента

Alleged Data Breach of Wicklow Healthcare Advisory

A vulnerability was found in Git Client Plugin up to 6.3.2 on Jenkins. It has been classified as critical. The impacted element is an unknown function of the component Controller File System Handler. The manipulation leads to permission issues. This vulnerability is traded as CVE-2025-58458. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Brocade SANnav up to 2.3.1b. It has been classified as problematic. The impacted element is an unknown function. Performing manipulation results in cleartext storage of sensitive information. This vulnerability is reported as CVE-2024-10404. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

A vulnerability identified as problematic has been detected in Brocade SANnav up to 2.3.1a. Impacted is an unknown function of the component TLS. This manipulation causes risky cryptographic algorithm. This vulnerability is tracked as CVE-2024-10405. The attack is possible to be carried out remotely. No exploit exists.

The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor "is a VBA macro for Outlook designed to monitor incoming emails for a specific trigger word," S2 Grupo's LAB52 threat intelligence team said. "When such an email is

Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans. [...]

Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment of a passive C++ backdoor called Rungan and a native Internet Information Services (IIS) module

Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. [...]

A vulnerability, which was classified as critical, has been found in F5 BIG-IP Next Central Manager 20.0.1/20.1.0. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-26026. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability was found in MarkUsProject Markus up to 2.4.7 and classified as critical. Affected by this issue is some unknown functionality. Such manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-51743. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in MarkUsProject Markus up to 2.4.7. It has been classified as critical. This affects the function update_files of the file config/initializers/. Performing manipulation results in unrestricted upload. This vulnerability is known as CVE-2024-51499. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

A vulnerability labeled as problematic has been found in SilverStripe Framework up to 5.3.22. This vulnerability affects unknown code. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-30148. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in authzed spicedb up to 1.44.1. This vulnerability affects unknown code. The manipulation leads to security check for standard. This vulnerability is uniquely identified as CVE-2025-49011. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.