Aggregator

CVE-2025-49488 | ASR Falcon_Linux/Kestrel/Lapwing_Linux prior 1536 router/phonebook/pb.c denial of service (EUVD-2025-19607)

2 months 1 week ago

A vulnerability classified as problematic has been found in ASR Falcon_Linux, Kestrel and Lapwing_Linux. This affects an unknown part of the file router/phonebook/pb.c. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-49488. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-49491 | ASR Falcon_Linux/Kestrel/Lapwing_Linux prior 1536 traffic_service.C denial of service (EUVD-2025-19610)

Vuldb Updates

2 months 1 week ago

A vulnerability was found in ASR Falcon_Linux, Kestrel and Lapwing_Linux and classified as problematic. This issue affects some unknown processing of the file traffic_stat/traffic_service/traffic_service.C. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2025-49491. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-49492 | ASR Falcon_Linux/Kestrel/Lapwing_Linux prior 1536 dev_api.C out-of-bounds write (EUVD-2025-19608)

Vuldb Updates

2 months 1 week ago

A vulnerability has been found in ASR Falcon_Linux, Kestrel and Lapwing_Linux and classified as critical. Affected by this vulnerability is an unknown functionality of the file apps/atcmd_server/src/dev_api.C. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-49492. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-49490 | ASR Falcon_Linux/Kestrel/Lapwing_Linux prior 1536 router/sms/sms.c denial of service (EUVD-2025-19605)

Vuldb Updates

2 months 1 week ago

A vulnerability was found in ASR Falcon_Linux, Kestrel and Lapwing_Linux. It has been classified as problematic. Affected is an unknown function of the file router/sms/sms.c. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-49490. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-49489 | ASR Falcon_Linux/Kestrel/Lapwing_Linux prior 1536 con_mgr/dialer_task.C denial of service (EUVD-2025-19606)

Vuldb Updates

2 months 1 week ago

A vulnerability classified as problematic was found in ASR Falcon_Linux, Kestrel and Lapwing_Linux. This vulnerability affects unknown code of the file con_mgr/dialer_task.C. The manipulation leads to denial of service. This vulnerability was named CVE-2025-49489. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-6932 | D-Link DCS-7517 up to 2.02.0 Qlync Password Generation /bin/httpd g_F_n_GenPassForQlync hard-coded password (EUVD-2025-19591)

Vuldb Updates

2 months 1 week ago

A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync Password Generation Handler. The manipulation leads to use of hard-coded password. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-6932. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2024-4403 | parisneo lollms-webui up to 9.6 restart_program cross-site request forgery

Vuldb Updates

2 months 1 week ago

A vulnerability, which was classified as problematic, has been found in parisneo lollms-webui up to 9.6. Affected by this issue is the function restart_program. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-4403. The attack may be launched remotely. There is no exploit available.

vuldb.com

Clothoff 试图支配深度伪造色情

Solidot

2 months 1 week ago

根据 Clothoff 告密者披露的信息，该深度伪造色情应用正计划向全球扩张，试图支配深度伪造色情领域。Clothoff 已经收购了至少 10 款类似服务，这些服务每月吸引了数十万到数百万流量。告密者称，Clothoff 年度预算约 350 万美元，它目前的营销方式主要是依靠 Telegram 机器人和 X 频道向可能使用该应用的年轻男性投放广告。Clothoff 大部分营销预算都花在 Telegram 频道、Reddit Sex Sub 和 4chan 上。

Citrix Warns Authentication Failures Following The Update of NetScaler to Fix Auth Vulnerability

Cyber Security News

2 months 1 week ago

Citrix has issued an urgent advisory warning customers of widespread authentication failures following recent updates to NetScaler builds 14.1.47.46 and 13.1.59.19. The updates, released as part of the company’s ongoing secure-by-design initiative, have inadvertently caused significant disruption to enterprise authentication systems across multiple organizations worldwide. The authentication failures manifest as broken login pages and complete […]

The post Citrix Warns Authentication Failures Following The Update of NetScaler to Fix Auth Vulnerability appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2025-52969 | ClickHouse 25.7.1.557 Executable unprotected alternate channel (EUVD-2025-18907)

Vuldb Updates

2 months 1 week ago

A vulnerability was suspected in ClickHouse 25.7.1.557. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

vuldb.com

CVE-2025-52997 | filebrowser up to 2.34.0 excessive authentication (GHSA-cm2r-rg7r-p7gg)

Vuldb Updates

2 months 1 week ago

A vulnerability classified as problematic has been found in filebrowser up to 2.34.0. This affects an unknown part. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is uniquely identified as CVE-2025-52997. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-52995 | filebrowser up to 2.33.9 command injection (EUVD-2025-19580)

Vuldb Updates

2 months 1 week ago

A vulnerability was found in filebrowser up to 2.33.9 and classified as critical. This issue affects some unknown processing. The manipulation leads to command injection. The identification of this vulnerability is CVE-2025-52995. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-49493 | Akamai CloudTest 58.30 xml external entity reference (EUVD-2025-19583)

Vuldb Updates

2 months 1 week ago

A vulnerability was found in Akamai CloudTest 58.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to xml external entity reference. This vulnerability is known as CVE-2025-49493. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-36593 | Dell OpenManage Network Integration up to 3.7 RADIUS Protocol authentication replay (dsa-2025-257 / EUVD-2025-19568)

Vuldb Updates

2 months 1 week ago

A vulnerability, which was classified as critical, has been found in Dell OpenManage Network Integration up to 3.7. Affected by this issue is some unknown functionality of the component RADIUS Protocol. The manipulation leads to authentication bypass by capture-replay. This vulnerability is handled as CVE-2025-36593. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-29850 | Veeam Backup & Replication 11.0.1.1261/11.0.1.1261 P20240304/12.0.0.1420 authentication replay

Vuldb Updates

2 months 1 week ago

A vulnerability, which was classified as critical, has been found in Veeam Backup & Replication 11.0.1.1261/11.0.1.1261 P20240304/12.0.0.1420. This issue affects some unknown processing. The manipulation leads to authentication bypass by capture-replay. The identification of this vulnerability is CVE-2024-29850. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

2 months 1 week ago

NSFOCUS Fuying Lab’s Global Threat Hunting System has discovered a new botnet family called “hpingbot” that has been quickly expanding since June 2025, marking a significant shift in the cybersecurity scene. This cross-platform botnet, built from scratch using the Go programming language, targets both Windows and Linux/IoT environments and supports multiple processor architectures including amd64, […]

The post New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

深度解读美国政府的零日漏洞保留政策

qz安全情报分析

2 months 1 week ago

在万物互联的数字世界里，绝对的安全或许只是一种幻觉。

CHAOS

Dark Feed IO

2 months 1 week ago

You must login to view this content

cohenido

Grafana releases critical security update for Image Renderer plugin

Bleeping Computer.

2 months 1 week ago

Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. [...]

Bill Toulas

CVE-2025-26634 | Microsoft Windows up to Server 2025 Core Messaging heap-based overflow

Vuldb Updates

2 months 1 week ago

A vulnerability has been found in Microsoft Windows and classified as critical. This vulnerability affects unknown code of the component Core Messaging. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-26634. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

Aggregator

Managed ad