Aggregator

Submit #592199 / VDB-311673

Submit #592198 / VDB-311673

A vulnerability, which was classified as problematic, has been found in Honding Smart Parking Management System up to 1.4. Affected by this issue is some unknown functionality. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is handled as CVE-2025-5893. The attack may be launched remotely. There is no exploit available.

BadBox 2.0 malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 botnet to exploit IoT devices on home networks, like streaming devices, projectors, and infotainment systems, mostly made […]

A vulnerability, which was classified as critical, was found in Browser. Affected is an unknown function. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2007-1156. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Windows XP. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2007-1204. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Windows up to 2003/XP. It has been declared as critical. This vulnerability affects unknown code of the component URL Parser. The manipulation leads to memory corruption. This vulnerability was named CVE-2007-1205. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Citrix Presentation Server 9.x. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption (Stored). The identification of this vulnerability is CVE-2007-1196. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Microsoft Windows up to 2003 SP2. Affected by this vulnerability is an unknown functionality of the component Kernel Mapped Memory Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2007-1206. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

Домашний интернет стал прикрытием для атак.

A sophisticated new malware attack vector that manipulates users through fake browser verification prompts designed to mimic legitimate CAPTCHA systems.  This attack leverages social engineering techniques combined with clipboard manipulation and obfuscated PowerShell commands to trick victims into voluntarily executing malicious code on their systems.  The campaign represents a significant evolution in malware distribution methods, […]

The post New Malware Attack Via “I’m not a Robot Check” to Trick Users into Running Malware appeared first on Cyber Security News.

奇安信威胁情报中心和天擎猎鹰团队在终端运营过程中发现一伙未知的攻击者正在瞄准区块链行业的客户攻击，该活动通过Telagram通信软件一对一进行传播，压缩包中为Lnk诱饵，双击后弹转账记录截图和释放白加黑组件，内存加载DcRat。

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. This vulnerability is known as CVE-2025-5899. An attack has to be approached locally. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-5898. The attack needs to be approached locally. Furthermore, there is an exploit available.

Have you ever had a client ask, “How much risk are we facing?” and all you had was a pie chart to show them? In 2025, that doesn’t cut it. Today’s business executives expect more. They want risk explained in clear, unambiguous terms—and most of all, they want numbers. Not just because it sounds smart […]

The post Why MSSPs Must Prioritize Cyber Risk Quantification in 2025 appeared first on Centraleyes.

The post Why MSSPs Must Prioritize Cyber Risk Quantification in 2025 appeared first on Security Boulevard.

Submit #586106 / VDB-311671

Submit #586105 / VDB-311670

A vulnerability, which was classified as critical, has been found in ChurchCRM 5.5.0. Affected by this issue is some unknown functionality of the file FRCatalog.php of the component GET Parameter Handler. The manipulation of the argument CurrentFundraiser leads to sql injection. This vulnerability is handled as CVE-2024-25897. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as problematic was found in Archer Platform up to 6.14 P2 HF1. Affected by this vulnerability is an unknown functionality of the component Internal URL Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-26309. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in esnet iPerf3 up to 3.16 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component OpenSSL Handler. The manipulation leads to cryptographic issues. This vulnerability is known as CVE-2024-26306. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.