Aggregator

A vulnerability, which was classified as critical, has been found in Cisco IOS and IOS XE. Affected by this issue is some unknown functionality of the component SNMPv1/SNMPv2c/SNMPv3. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2017-6743. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to change the configuration settings.

A vulnerability was found in Cisco IOS XE. It has been rated as critical. This issue affects some unknown processing of the component mDNS Gateway. The manipulation leads to incomplete cleanup. The identification of this vulnerability is CVE-2024-20303. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Webex Teams. It has been classified as problematic. This affects an unknown part of the component Session Token Handler. The manipulation leads to unprotected transport of credentials. This vulnerability is uniquely identified as CVE-2024-20395. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cisco IOS and IOS XE. Affected by this vulnerability is an unknown functionality of the component SNMPv1/SNMPv2c/SNMPv3. The manipulation leads to memory corruption. This vulnerability is known as CVE-2017-6742. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to change the configuration settings.

A vulnerability was found in Cisco Webex Teams and classified as problematic. Affected by this issue is some unknown functionality of the component File Protocol Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-20396. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has expanded its .NET bug bounty program and increased rewards to $40,000 for some .NET and ASP.NET Core vulnerabilities. [...]

The KNP breach shows how one weak password led to the collapse of a 158-year-old company, and why SaaS security is essential to every organization.

The post KNP Breach: What Went Wrong with Identity and SaaS Controls appeared first on Security Boulevard.

A CISA official said they’re looking at the potential impact and what to do about Chinese hackers penetrating U.S. critical infrastructure.

The post Feds still trying to crack Volt Typhoon hackers’ intentions, goals appeared first on CyberScoop.

A vulnerability, which was classified as problematic, has been found in Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI Plugin up to 26.1.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-7725. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in IDonate Plugin up to 2.0.0/2.1.9 on WordPress. This vulnerability affects the function admin_donor_profile_view. The manipulation of the argument donor leads to missing authorization. This vulnerability was named CVE-2025-4523. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Stratum Plugin up to 1.6.0 on WordPress. This affects an unknown part of the component Google Maps Widget/Image Hotspot Widgets. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-7845. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in CloudClassroom-PHP-Project 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component postquerypublic. The manipulation of the argument email leads to cross site scripting. This vulnerability is known as CVE-2025-50866. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in BerqWP Plugin up to 2.2.42 on WordPress. It has been rated as critical. Affected by this issue is the function store_javascript_cache of the file store_javascript_cache.php. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-7443. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in CS Cart 4.18.3. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-50847. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in CS Cart 4.18.3 and classified as problematic. This issue affects some unknown processing of the component File Upload. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-50848. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Sielox AnyWare 2.1.2 and classified as critical. This vulnerability affects unknown code of the component Password Reset Handler. The manipulation of the argument email address leads to sql injection. This vulnerability was named CVE-2024-34327. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in ExaGrid EX10 up to 7.0.1.P08. This affects an unknown part of the component API. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-29556. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in CloudClassroom-PHP-Project 1.0/2.php. Affected by this issue is some unknown functionality of the file takeassessment2.php of the component POST Parameter Handler. The manipulation of the argument Q5 leads to sql injection. This vulnerability is handled as CVE-2025-50867. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in CS Cart 4.18.3. Affected by this vulnerability is an unknown functionality of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2025-50850. The attack can be launched remotely. There is no exploit available.

The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow. "ApolloShadow has the capability to install a trusted root certificate to