Aggregator

A vulnerability was found in X.org X11 Server up to 1.20.8. It has been declared as critical. Affected by this vulnerability is the function XkbSetNames. The manipulation leads to memory corruption. This vulnerability is known as CVE-2020-14345. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Oracle PeopleSoft Enterprise PeopleTools 8.58/8.59/8.60. Affected by this vulnerability is an unknown functionality of the component File Processing. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2022-27782. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in libcurl. It has been classified as problematic. This affects an unknown part of the component Connection Pool Handler. The manipulation leads to enforcement of behavioral workflow. This vulnerability is uniquely identified as CVE-2022-27782. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0/22.2.0. This issue affects some unknown processing of the component Configuration. The manipulation leads to improper certificate validation. The identification of this vulnerability is CVE-2022-27782. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle HTTP Server 12.2.1.4.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SSL Module. The manipulation leads to improper certificate validation. This vulnerability is known as CVE-2022-27782. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Tijaji Theme up to 1.43 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-23983. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Flashy Theme up to 1.2.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-23979. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Fuji Electric V-SFT up to 6.2.5.0. It has been rated as critical. This issue affects the function VS6File!CTxSubFile::get_ProgramFile_name. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-47758. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Fuji Electric S-SFT up to 6.2.5.0. Affected is the function VS6ComFile!CV7BaseMap::WriteV7DataToRom. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-47759. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ConnectWise Risk Assessment. It has been declared as problematic. This vulnerability affects unknown code of the file ConnectWise-Password-Encryption-Utility.exe of the component AES Decryption Key Handler. The manipulation leads to hard-coded credentials. This vulnerability was named CVE-2025-4876. Attacking locally is a requirement. There is no exploit available.

A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-phishing attacks that exploit XSS vulnerabilities.

A vulnerability has been found in GE Vernova WorkstationST up to 07.10.10C on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component EGD Configuration Server Module. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-3223. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Danny Vink User Profile Meta Manager Plugin up to 1.02 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-48340. It is possible to launch the attack remotely. There is no exploit available.

Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. [...]

Hospitals tied to the two companies announced breaches over the last week involving Social Security numbers, financial information and sensitive health insurance data.

Understanding the Realm of Non-Human Identities in Cloud Security Is your organization fully prepared to confront the new wave of cloud security challenges? If your answer is uncertain or negative, have you considered transforming your cybersecurity strategy to include Non-Human Identities (NHIs) and secrets management? Imagine the NHIs as ‘tourists’ traveling, with ‘passports’ being their […]

The post Adapting to New Security Challenges in the Cloud appeared first on Entro.

The post Adapting to New Security Challenges in the Cloud appeared first on Security Boulevard.

Feeling Overwhelmed By the Complexity of Cybersecurity? Are you one of the many professionals struggling to stay ahead of increasingly complex and evolving cybersecurity threats? If so, you’re not alone. The task of securing data and applications, particularly in the realm of the cloud, becomes more of a daunting task with each passing day. However, […]

The post Feeling Relieved with Solid Secrets Management appeared first on Entro.

The post Feeling Relieved with Solid Secrets Management appeared first on Security Boulevard.

Why is Identity Theft Prevention a Vital Component of Good Security? Have you ever considered the potential cost of a security breach and the resulting identity theft? According to the Federal Trade Commission (FTC), identity theft affected 4.8 million people in 2020, resulting in a financial loss of a staggering $56 billion. This striking statistic […]

The post Getting Better at Preventing Identity Theft appeared first on Entro.

The post Getting Better at Preventing Identity Theft appeared first on Security Boulevard.

Does your Organization Struggle with Compliance? If so, you’re not alone. Compliance with cybersecurity regulations often involves navigating a complex web of rules, many of which are constantly changing. This can be a burdensome task for any organization, particularly those operating. But what if there was a way to alleviate this burden? Enter the field […]

The post Relaxing the Burden of Compliance with Automation appeared first on Entro.

The post Relaxing the Burden of Compliance with Automation appeared first on Security Boulevard.

Serviceaide data leak exposes sensitive health info of 500K Catholic Health patients due to misconfigured database; risk of ID theft and fraud.