Aggregator
Google Bets $3 Billion on Hydropower: Powering AI While Facing a Data Center Water-Use Crisis
2 months ago
安全客
NCSC Urges Organizations to Upgrade to Windows 11 to Defend Against Cyberattacks
2 months ago
安全客
Android Malware "Konfety" Uses Malformed APK Files to Bypass Detection Systems
2 months ago
安全客
Hackers Distribute XORIndex Malware Hidden in 67 Malicious npm Packages
2 months ago
安全客
Emergency Update: Google Fixes Actively Exploited Zero-Day Vulnerability in Chrome (CVE-2025-6558)
2 months ago
安全客
Apple Invests $500 Million in Partnership with MP Materials to Secure US Rare Earth Supply and Recycling
2 months ago
安全客
Apache CXF Vulnerability Disclosed: Can Lead to Denial of Service and Data Leakage (CVE-2025-48795)
2 months ago
安全客
CVE-2025-37105 | HPE AutoPass License Server up to 9.17 hsqldb Remote Code Execution (EUVD-2025-21734)
2 months ago
A vulnerability was found in HPE AutoPass License Server up to 9.17 and classified as critical. Affected by this issue is some unknown functionality of the component hsqldb. The manipulation leads to Remote Code Execution.
This vulnerability is handled as CVE-2025-37105. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-40777 | ISC BIND up to 9.20.10/9.20.10-S1/9.21.9 named assertion (EUVD-2025-21736 / WID-SEC-2025-1585)
2 months ago
A vulnerability has been found in ISC BIND up to 9.20.10/9.20.10-S1/9.21.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the component named. The manipulation leads to reachable assertion.
This vulnerability is known as CVE-2025-40777. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-36097 | IBM WebSphere Application Server 9.0 Request stack-based overflow (EUVD-2025-21735)
2 months ago
A vulnerability, which was classified as critical, was found in IBM WebSphere Application Server and WebSphere Application Server Liberty 9.0. Affected is an unknown function of the component Request Handler. The manipulation leads to stack-based buffer overflow.
This vulnerability is traded as CVE-2025-36097. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Sunburn Triggers a Cellular Trial. RNA Decides Whether to Live or Die
2 months ago
"Every man for himself" mode activated.
SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices
2 months ago
Google Threat Intelligence Group said a financially motivated threat group is abusing the outdated remote access VPN devices, underscoring a continued pattern of threats confronting SonicWall customers.
The post SonicWall customers hit by fresh, ongoing attacks targeting fully patched SMA 100 devices appeared first on CyberScoop.
Matt Kapko
Hackers Leverage Microsoft Teams to Spread Matanbuchus 3.0 Malware to Targeted Firms
2 months ago
Cybersecurity researchers have flagged a new variant of a known malware loader called Matanbuchus that packs in significant features to enhance its stealth and evade detection.
Matanbuchus is the name given to a malware-as-a-service (MaaS) offering that can act as a conduit for next-stage payloads, including Cobalt Strike beacons and ransomware.
First advertised in February 2021 on
The Hacker News
Cognida.ai Launches Codien: An AI Agent to Modernize Legacy Test Automation and Fast-Track Test Creation
2 months ago
Fully Patched SonicWall Gear Under Likely Zero-Day Attack
2 months ago
A threat actor with likely links to the Abyss ransomware group is leveraging an apparent zero-day vulnerability to deploy the "Overstep" backdoor on fully up-to-date appliances.
Jai Vijayan, Contributing Writer
CVE-2025-28973 | Pro Bulk Watermark Plugin up to 2.0 on WordPress path traversal
2 months ago
A vulnerability, which was classified as critical, has been found in Pro Bulk Watermark Plugin up to 2.0 on WordPress. This issue affects some unknown processing. The manipulation leads to path traversal.
The identification of this vulnerability is CVE-2025-28973. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-53904 | The-Scratch-Channel up to b66a1cae45e05ad8971aecd96c3322520f8a5725 /api/admin.js cross site scripting (GHSA-hgh4-pj74-f5rr / EUVD-2025-21731)
2 months ago
A vulnerability classified as problematic was found in The-Scratch-Channel up to b66a1cae45e05ad8971aecd96c3322520f8a5725. This vulnerability affects unknown code of the file /api/admin.js. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2025-53904. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-47053 | Adobe Experience Manager up to 6.5.22 cross site scripting (apsb25-48 / EUVD-2025-21721)
2 months ago
A vulnerability classified as problematic has been found in Adobe Experience Manager up to 6.5.22. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-47053. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-46959 | Adobe Experience Manager up to 6.5.22 cross site scripting (apsb25-48 / EUVD-2025-21727)
2 months ago
A vulnerability was found in Adobe Experience Manager up to 6.5.22. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2025-46959. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com