Aggregator

CVE-2024-12925 | Akınsoft QR Menü up to 1.05.11 HTTP Response certificate validation (EUVD-2024-54938)

VulDB Recent Entries
1 month ago
A vulnerability was found in Akınsoft QR Menü up to 1.05.11. It has been rated as critical. The affected element is an unknown function of the component HTTP Response Handler. Performing manipulation results in certificate with host mismatch. This vulnerability is cataloged as CVE-2024-12925. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

Apple May Drop Physical SIM Card in iPhone 17

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month ago

Apple appears poised to remove the physical SIM card slot from its upcoming iPhone 17 models in more countries, with a significant rollout anticipated across the European Union. This change would mark the latest step in Apple’s long-term strategy of transitioning to the more secure and flexible eSIM technology, a move already implemented in the […]

The post Apple May Drop Physical SIM Card in iPhone 17 appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

The Hackers News
1 month ago
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combining stolen access, unpatched software, and clever tricks to move from small entry points to large
The Hacker News

CVE-2025-9801 | SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af filePath path traversal (Issue 959 / EUVD-2025-26364)

VulDB Recent Entries
1 month ago
A vulnerability has been found in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af and classified as critical. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. This vulnerability is referenced as CVE-2025-9801. Remote exploitation of the attack is possible. Furthermore, an exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. To fix this issue, it is recommended to deploy a patch.
vuldb.com

CVE-2025-9800 | SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af HTML File Parser route.ts import unrestricted upload (Issue 958 / EUVD-2025-26365)

VulDB Recent Entries
1 month ago
A vulnerability, which was classified as critical, was found in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricted upload. The identification of this vulnerability is CVE-2025-9800. The attack may be launched remotely. Furthermore, there is an exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. A patch should be applied to remediate this issue.
vuldb.com

Crooks exploit Meta malvertising to target Android users with Brokewell

Security Affairs
1 month ago
Cybercriminals spread Brokewell via fake TradingView Premium ads on Meta, stealing crypto and data with remote control since July 2024. Bitdefender warns threat actors are abusing Meta ads to spread fake TradingView Premium apps for Android, delivering Brokewell malware to steal crypto and data. “Bitdefender researchers recently uncovered a wave of malicious ads on Facebook […]
Pierluigi Paganini

SUSE Fleet: Plain Text Storage of Vulnerability Exploit Helm Values

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month ago

A high-severity vulnerability in SUSE’s Fleet, a GitOps management tool for Kubernetes clusters, has been disclosed by security researcher samjustus via GitHub Security Advisory GHSA-6h9x-9j5v-7w9h. The vulnerability, tracked as CVE-2024-52284, allows Helm chart values—often containing sensitive credentials—to be stored inside BundleDeployment resources in plain text, exposing them to any user with GET or LIST permissions. […]

The post SUSE Fleet: Plain Text Storage of Vulnerability Exploit Helm Values appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

CVE-2025-9799 | Langfuse up to 3.88.0 Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery (Issue 8522 / EUVD-2025-26361)

VulDB Recent Entries
1 month ago
A vulnerability, which was classified as critical, has been found in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgery. This vulnerability was named CVE-2025-9799. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

Google Web Designer Vulnerability Lets Hackers Take Over Client Systems

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month ago

A critical client-side remote code execution (RCE) vulnerability in Google Web Designer exposed Windows users to full system compromise, according to a detailed write-up by security researcher Balint Magyar. Affecting versions prior to 16.4.0.0711 (released July 29, 2025), the flaw allowed attackers to inject malicious CSS into a configuration file and leverage an internal API […]

The post Google Web Designer Vulnerability Lets Hackers Take Over Client Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Managed ad