Aggregator

A vulnerability marked as critical has been reported in HPE Aruba Networking EdgeConnect SD-WAN Gateway up to 9.4.3.7/9.5.3.6. Affected is an unknown function of the component Command-Line Interface. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2025-37123. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as problematic has been found in HPE Aruba Networking EdgeConnect SD-WAN Gateway up to 9.4.3.7/9.5.3.6. This impacts an unknown function of the component Web API. Executing manipulation can lead to denial of service. This vulnerability is handled as CVE-2025-37128. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in BMC Control-M and Agent 9.0.18/9.0.19/9.0.20. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes relative path traversal. This vulnerability is tracked as CVE-2025-55115. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in BMC Control-M and Agent 9.0.18/9.0.19/9.0.20. This affects an unknown part. Such manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2025-55116. The attack must be carried out locally. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in VMware Spring Cloud Gateway Server Webflux up to 3.1.10/4.1.10/4.2.4/4.3.0. This issue affects some unknown processing of the component Actuator Endpoint. This manipulation causes improper neutralization of special elements used in an expression language statement. This vulnerability appears as CVE-2025-41243. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Adobe Substance3D Stager up to 3.1.3 and classified as critical. This affects an unknown function of the component File Parser. The manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2025-54262. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in BMC Control-M and Agent 9.0.18/9.0.19/9.0.20. Affected by this issue is some unknown functionality. Performing manipulation results in improper certificate validation. This vulnerability is known as CVE-2025-55109. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in BMC Control-M and Agent 9.0.18/9.0.19/9.0.20. Affected by this vulnerability is an unknown functionality of the component Network Traffic Handler. This manipulation causes use of hard-coded cryptographic key . This vulnerability is registered as CVE-2025-55112. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability categorized as critical has been discovered in HTMLDOC up to 1.9.13. Affected is the function image_load_bmp of the component BMP File Handler. Such manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2021-43579. The attack may be performed from remote. In addition, an exploit is available. Applying a patch is advised to resolve this issue.

文章探讨了数据安全态势管理（DSPM）如何帮助IT服务提供商（MSP和MSSP）通过提供数据驱动的安全服务，在竞争激烈的市场中脱颖而出。DSPM整合了自动化数据发现、分类、访问控制和持续监控功能，帮助提供商提升客户信任、降低流失率，并实现合规性与运营效率的提升。通过Cavelo等解决方案，服务提供商能够快速部署、统一管理多租户环境，并为客户提供实时风险洞察和审计支持。

Discover how DSPM helps MSSPs prove value, reduce churn, and strengthen client trust with proactive, data-centric security.

The post How DSPM Helps MSSPs Prove Value to Clients and Reduce Churn appeared first on Security Boulevard.

A vulnerability was found in Linux Kernel up to 6.1.1. It has been classified as critical. This affects the function usb_endpoints of the file drivers/usb/core/urb.c. This manipulation causes information disclosure. This vulnerability is tracked as CVE-2022-50297. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.0.5. Impacted is the function io_msg_send_fd of the component msg_ring. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2022-50295. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

The Electronic Frontier Foundation (EFF) has released Rayhunter, a new open-source tool designed to detect cell site simulators (CSS). These devices, also known as IMSI catchers or Stingrays, mimic cell towers to trick phones into connecting so they can collect data. Rayhunter gives researchers, journalists, and privacy advocates a way to identify suspicious cellular activity. EFF group developed it to work on a common, low-cost mobile hotspot device. At launch, they used an Orbic hotspot, … More →

The post Rayhunter: EFF releases open-source tool to detect cellular spying appeared first on Help Net Security.

A CVSS score 9.9 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Hugo LECLERCQ' was reported to the affected vendor on: 2025-09-17, 90 days ago. The vendor is given until 2026-01-15 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A vulnerability, which was classified as problematic, has been found in Qualcomm Qpopper 4.0/4.0.1/4.0.2/4.0.3. The impacted element is an unknown function of the component String Handler. The manipulation leads to infinite loop. This vulnerability is traded as CVE-2002-0454. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in BG Guestbook 1.0 and classified as problematic. Affected is an unknown function of the file signgbook.php of the component Tag Handler. Such manipulation of the argument name/email/aim/website/location/message leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2002-0457. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Bitvise WinSSHD 1.1. It has been rated as problematic. This affects an unknown part of the component Connection Request Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2002-0460. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Big Sam up to 1.1.08. This issue affects some unknown processing of the file bigsam_guestbook.php of the component Error Message Handler. This manipulation of the argument displayBegin causes improper privilege management. This vulnerability is tracked as CVE-2002-0462. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Легендарный язык 90-х показал лучший рост среди классических технологий.