Aggregator

CVE-2025-6490 | sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 hashmap.c hashmap_set_with_hash heap-based overflow (EUVD-2025-18911)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-6490. An attack has to be approached locally. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.
vuldb.com

CVE-2025-6494 | sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 hashmap.c hashmap_get_with_hash heap-based overflow (Issue 3508 / EUVD-2025-18858)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-6494. An attack has to be approached locally. Furthermore, there is an exploit available. The real existence of this vulnerability is still doubted at the moment. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.
vuldb.com

CVE-2024-23973 | Silicon Labs Gecko OS HTTP GET Request stack-based overflow

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Silicon Labs Gecko OS. It has been declared as critical. This vulnerability affects unknown code of the component HTTP GET Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-23973. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2014-9175 | wpdatatables up to 1.5.3 wpdatatables.php table_id sql injection (ID 129232 / EDB-35340)

Vuldb Updates
2 months 1 week ago
A vulnerability has been found in wpdatatables up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file wpdatatables.php. The manipulation of the argument table_id leads to sql injection. This vulnerability is known as CVE-2014-9175. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-52901 | filebrowser up to 2.33.8 get request method with sensitive query strings (EUVD-2025-19581)

VulDB Recent Entries
2 months 1 week ago
A vulnerability has been found in filebrowser up to 2.33.8 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to use of get request method with sensitive query strings. This vulnerability was named CVE-2025-52901. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-52996 | filebrowser up to 2.32.0 Password Protected Link authentication bypass (EUVD-2025-19579)

VulDB Recent Entries
2 months 1 week ago
A vulnerability, which was classified as problematic, was found in filebrowser up to 2.32.0. This affects an unknown part of the component Password Protected Link Handler. The manipulation leads to authentication bypass by primary weakness. This vulnerability is uniquely identified as CVE-2025-52996. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-27218 | Sitecore Experience Manager/Experience Platform up to 10.4 deserialization (KB1003535 / EDB-52344)

Vuldb Updates
2 months 1 week ago
A vulnerability has been found in Sitecore Experience Manager and Experience Platform up to 10.4 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserialization. This vulnerability is known as CVE-2025-27218. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Qilin

Dark Feed IO
2 months 1 week ago

You must login to view this content

cohenido

Qilin

Dark Feed IO
2 months 1 week ago

You must login to view this content

cohenido

Hackers Deliver Remcos Malware Via .pif Files and UAC Bypass in Windows

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 1 week ago

A sophisticated phishing campaign has emerged, distributing the notorious Remcos Remote Access Trojan (RAT) through the DBatLoader malware. This attack chain, analyzed in ANY.RUN’s Interactive Sandbox, leverages a combination of User Account Control (UAC) bypass techniques, obfuscated scripts, Living Off the Land Binaries (LOLBAS) abuse, and persistence mechanisms to infiltrate systems undetected. The campaign begins […]

The post Hackers Deliver Remcos Malware Via .pif Files and UAC Bypass in Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations

Threat intelligence | Microsoft Security Blog
2 months 1 week ago

Since 2024, Microsoft Threat Intelligence has observed remote IT workers deployed by North Korea leveraging AI to improve the scale and sophistication of their operations, steal data, and generate revenue for the North Korean government.

The post Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations appeared first on Microsoft Security Blog.

Microsoft Threat Intelligence

CVE-2025-36593 | Dell OpenManage Network Integration up to 3.7 RADIUS Protocol authentication replay (dsa-2025-257 / EUVD-2025-19568)

VulDB Recent Entries
2 months 1 week ago
A vulnerability, which was classified as critical, has been found in Dell OpenManage Network Integration up to 3.7. Affected by this issue is some unknown functionality of the component RADIUS Protocol. The manipulation leads to authentication bypass by capture-replay. This vulnerability is handled as CVE-2025-36593. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

LinuxFest Northwest: See How Far COSMIC Has Come This Year

Security Boulevard
2 months 1 week ago

Authors/Presenters: Carl Richell (CEO And Founder, System76)

Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.

Permalink

The post LinuxFest Northwest: See How Far COSMIC Has Come This Year appeared first on Security Boulevard.

Marc Handelman

Managed ad