Aggregator

5 months 1 week ago

A vulnerability, which was classified as critical, was found in CAYIN SMP-8000QD, SMP-8000, SMP-6000, SMP-4000, SMP-2310, SMP-2300, SMP-2210, SMP-2200, SMP-2100, SMP-2000, SMP-1000, SMP-PROPLUS, SMP-WEBPLUS, SMP-WEB4, SMP-300, SMP-200, SMP-PRO4, SMP-NEO2 and SMP-NEO 3.0. The impacted element is an unknown function of the file system.cgi. Such manipulation of the argument NTP_Server_IP leads to os command injection. This vulnerability is listed as CVE-2020-36910. The attack may be performed from remote. There is no available exploit.

vuldb.com

CVE-2020-36909 | Secure Computing SnapGear Management Console SG560 3.1.5 edit_config_files path traversal (Exploit 48556 / EUVD-2026-1029)

5 months 1 week ago

A vulnerability marked as critical has been reported in Secure Computing SnapGear Management Console SG560 3.1.5. Impacted is an unknown function of the file /cgi-bin/cgix/edit_config_files of the component Management Console. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2020-36909. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

CVE-2020-36918 | Yerootech iDS6 DSSPro Digital Signage System 4.3/5.6 B2017.07.12.1757/6.2 B2014.12.12.1220 cross-site request forgery (Exploit 48990 / EUVD-2026-1018)

5 months 1 week ago

A vulnerability was found in Yerootech iDS6 DSSPro Digital Signage System 4.3/5.6 B2017.07.12.1757/6.2 B2014.12.12.1220. It has been classified as problematic. This affects an unknown part. This manipulation causes cross-site request forgery. This vulnerability is registered as CVE-2020-36918. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2025-69334 | WPFactory Wishlist for WooCommerce Plugin up to 3.3.0 on WordPress cross site scripting (CNNVD-202601-998)

5 months 1 week ago

A vulnerability was found in WPFactory Wishlist for WooCommerce Plugin up to 3.3.0 on WordPress. It has been classified as problematic. This affects an unknown function. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-69334. The attack may be initiated remotely. There is no available exploit.

vuldb.com

CVE-2025-69335 | Themepoints Team Showcase Plugin up to 2.9 on WordPress cross site scripting (CNNVD-202601-997)

5 months 1 week ago

A vulnerability was found in Themepoints Team Showcase Plugin up to 2.9 on WordPress. It has been rated as problematic. Affected is an unknown function. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-69335. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2025-69331 | Jeroen Schmit Theater for WordPress Plugin up to 0.19 on WordPress authorization (CNNVD-202601-999)

5 months 1 week ago

A vulnerability described as critical has been identified in Jeroen Schmit Theater for WordPress Plugin up to 0.19 on WordPress. This impacts an unknown function. Such manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2025-69331. The attack can be launched remotely. No exploit exists.

vuldb.com

Interlock

5 months 1 week ago

You must login to view this content

cohenido

Interlock

5 months 1 week ago

You must login to view this content

cohenido

Akira

5 months 1 week ago

You must login to view this content

cohenido

Owner of Stalkerware Maker pcTattletale Pleads Guilty to Hacking

Security Boulevard

5 months 1 week ago

Bryan Fleming, who founded the stalkerware business pcTattletale, pleaded guilty in federal court to hacking and conspiracy charges. Investigators said he crossed the line when he started marketing the software to people who wanted to covertly plant it on the smartphones of unsuspecting victims to track their activities and movements.

The post Owner of Stalkerware Maker pcTattletale Pleads Guilty to Hacking appeared first on Security Boulevard.

Jeffrey Burt

Akira

5 months 1 week ago

You must login to view this content

cohenido

CVE-2025-59955 | coollabsio coolify up to 4.0.0-beta.428 API Endpoint members insertion of sensitive information into sent data (GHSA-927g-56xp-6427 / WID-SEC-2026-0031)

5 months 1 week ago

A vulnerability classified as problematic was found in coollabsio coolify up to 4.0.0-beta.428. This vulnerability affects unknown code of the file /api/v1/teams/{team_id}/members of the component API Endpoint. Such manipulation leads to insertion of sensitive information into sent data. This vulnerability is traded as CVE-2025-59955. The attack may be launched remotely. There is no exploit available.

vuldb.com

PoC Exploit Released for Android/Linux Kernel Vulnerability CVE-2025-38352

Cyber Security News

5 months 1 week ago

A proof-of-concept (PoC) exploit for CVE-2025-38352, a critical race condition vulnerability in the Linux kernel, has been publicly released on GitHub. The vulnerability, discovered earlier this year, targets the POSIX CPU timers implementation and was previously exploited in limited, targeted attacks against 32-bit Android devices. CVE-2025-38352 is a use-after-free (UAF) vulnerability in the Linux kernel’s handle_posix_cpu_timers() function. […]

The post PoC Exploit Released for Android/Linux Kernel Vulnerability CVE-2025-38352 appeared first on Cyber Security News.

Abinaya

Why Palo Alto Is Eyeing a $400M Buy of Endpoint Vendor Koi

5 months 1 week ago

Deal Represents Return to Tuck-In M&A for Palo After 3 Multi-Billion Dollar Deals
Palo Alto Networks is in talks to buy Washington D.C-based endpoint security startup Koi for $400 million. Koi is focused on securing extensions, AI models, code packages and containers, and its differentiation lies in mapping, assessing risk and govern the software landscape at enterprise scale.

Zero Trust for the Age of Autonomous AI Agents - Part 1

5 months 1 week ago

Why Human-Centric Zero Trust Models Fail in a World of Autonomous AI Agents
Zero trust was built for humans, not autonomous AI agents. As organizations adopt agentic AI at scale, human-centric security assumptions break down - creating a paradox between utility and least privilege that traditional zero trust models cannot resolve.

Conduent Hack Victim Count Soars by at Least 50%

5 months 1 week ago

Why Are Third-Party Vendor Breaches So Hard to Figure Out?
The victim tally of a 2024 hacking incident at back office services provider Conduent again soared after a new regulatory disclosure by the company, in this case to Texas authorities. The company told Lone Star state officials the breach affected nearly 14.8 million Texans, alone.

FCC Loses Lead Support for Biden-Era IoT Security Labeling

5 months 1 week ago

FCC Lacks Lead for Cyber Trust Mark Program After UL Solutions Steps Down From Post
UL Solutions has exited its role as lead administrator of the FCC's Cyber Trust Mark, leaving the flagship consumer IoT labeling program without oversight just months after internal security reviews raised concerns over foreign influence in program management.

Threats to Critical Infrastructure Expected to Intensify

5 months 1 week ago

Geopolitics Puts OT at Greater Risk From Nation States, Criminals and Hacktivists
Attacks against critical infrastructure are expected to increase in scope and intensity including hacks on operational technology systems. State actors are now looking for ways to cause damage and disrupt operations, rather than simply steal secrets, according to cybersecurity experts.

Australia's Scams Framework Criticized Over Major Exclusions