Aggregator

A vulnerability was found in NCR Terminal Handler 1.5.1. It has been rated as critical. This issue affects some unknown processing of the component UserService SOAP API. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2023-47032. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in WhiteBeam 0.2.0/0.2.1. It has been declared as problematic. This vulnerability affects the function OpenFileDescriptor. The manipulation leads to incorrect behavior order. This vulnerability was named CVE-2021-47688. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17. It has been classified as problematic. This affects an unknown part of the component LL_Pause_Enc_Req Packet Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-44528. It is possible to initiate the attack remotely. There is no exploit available.

IBM is integrating its governance and AI security tools to address the risks associated with the AI adoption boom.

A vulnerability was found in pbkdf2 up to 3.1.2 and classified as critical. Affected by this issue is some unknown functionality in the library lib/to-buffer.Js. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2025-6545. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in NCR Terminal Handler 1.5.1 and classified as critical. Affected by this vulnerability is the function grantRolesToUsers/grantRolesToGroups/grantRolesToOrganization of the component SOAP API. The manipulation leads to privilege escalation. This vulnerability is known as CVE-2023-47031. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Mitel OpenScape Xpressions up to V7R1 FR5 HF43 P913. Affected is an unknown function of the component WebApl. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-48026. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in quarkusio quarkus up to 3.23.x. This issue affects some unknown processing. The manipulation leads to exposure of resource. The identification of this vulnerability is CVE-2025-49574. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in ClickHouse 25.7.1.557. This vulnerability affects the function Executable. The manipulation leads to unprotected alternate channel. This vulnerability was named CVE-2025-52969. Attacking locally is a requirement. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability was found in notepad-plus-plus Notepad++ up to 8.8.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Installer. The manipulation leads to least privilege violation. This vulnerability is handled as CVE-2025-49144. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in NCR Terminal Handler 1.5.1. This affects an unknown part of the component UserService SOAP API. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2023-47030. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file update-teacher-pic.php. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-50349. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been classified as critical. Affected is an unknown function of the file update-class-pic.php. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-50348. It is possible to launch the attack remotely. There is no exploit available.

APT36, also known as Transparent Tribe, a Pakistan-based cyber espionage group, has launched a highly sophisticated phishing campaign targeting Indian defense personnel. According to recent findings by CYFIRMA, this group has meticulously crafted phishing emails that deliver malicious PDF attachments disguised as official government documents. Cyber Espionage Group Transparent Tribe Strikes Again These deceptive files […]

The post APT36 Hackers Target Indian Defense Personnel with Sophisticated Phishing Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

1inch, the leading DeFi aggregator, has launched an upgraded bug bounty initiative, covering five key areas of its platform, with rewards of up to $500,000. Through this initiative 1inch demonstrates its commitment to maintaining the highest level of security across its smart contracts, wallet, dApp, developer tools and infrastructure. As DeFi continues to mature, so […]

The post 1inch rolls out expanded bug bounties with rewards up to $500K appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

1inch, the leading DeFi aggregator, has launched an upgraded bug bounty initiative, covering five key areas of its platform, with rewards of up to $500,000. Through this initiative 1inch demonstrates its commitment to maintaining the highest level of security across its smart contracts, wallet, dApp, developer tools and infrastructure. As DeFi continues to mature, so […]

The post 1inch rolls out expanded bug bounties with rewards up to $500K appeared first on Cyber Security News.

The 2025 JWT vulnerabilities remind us that security is not a destination—it's an ongoing journey that requires expertise, vigilance, and the right tools. The question is: do you want to make that journey alone, or do you want a trusted partner who specializes in exactly this challenge?

The post JWT Security in 2025: Critical Vulnerabilities Every B2B SaaS Company Must Know appeared first on Security Boulevard.

Currently trending CVE - Hype Score: 16 - A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to ...

Currently trending CVE - Hype Score: 25 - A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS ...