Aggregator

CVE-2025-34510 | Sitecore Experience Manager up to 9.3/10.4 path traversal (EUVD-2025-18525)

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability classified as critical has been found in Sitecore Experience Manager, Experience Platform and Experience Commerce up to 9.3/10.4. This affects an unknown part. The manipulation leads to relative path traversal. This vulnerability is uniquely identified as CVE-2025-34510. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-34509 | Sitecore Experience Manager/Experience Platform 10.1.4/10.3.3/10.4.1 Administrative API hard-coded credentials (EUVD-2025-18524)

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability was found in Sitecore Experience Manager and Experience Platform 10.1.4/10.3.3/10.4.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Administrative API. The manipulation leads to hard-coded credentials. This vulnerability is handled as CVE-2025-34509. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-33122 | IBM i 7.2/7.3/7.4/7.5/7.6 Advanced Job Scheduler uncontrolled search path

VulDB Recent Entries
5 months 3 weeks ago
A vulnerability was found in IBM i 7.2/7.3/7.4/7.5/7.6 and classified as critical. This issue affects some unknown processing of the component Advanced Job Scheduler. The manipulation leads to uncontrolled search path. The identification of this vulnerability is CVE-2025-33122. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

LinuxFest Northwest: Challenges of Managing Community Meetup Post-Pandemic

Security Boulevard
5 months 3 weeks ago

Author/Presenter: Mariatta Wijaya (Python Core Developer)

Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.

Permalink

The post LinuxFest Northwest: Challenges of Managing Community Meetup Post-Pandemic appeared first on Security Boulevard.

Marc Handelman

New KimJongRAT Stealer Uses Weaponized LNK File to Deploy PowerShell-Based Dropper

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
5 months 3 weeks ago

The two new variants of the KimJongRAT stealer have emerged, showcasing the persistent and evolving nature of this malicious tool first identified in 2013. Detailed research by Palo Alto Networks’ Unit 42 reveals that these variants, one employing a Portable Executable (PE) file and the other a PowerShell implementation, leverage a weaponized Windows shortcut (LNK) […]

The post New KimJongRAT Stealer Uses Weaponized LNK File to Deploy PowerShell-Based Dropper appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2021-45444 | Apple macOS up to 12.3 zsh Remote Code Execution (HT213257 / Nessus ID 239959)

Vuldb Updates
5 months 3 weeks ago
A vulnerability classified as critical has been found in Apple macOS up to 12.3. Affected is an unknown function of the component zsh. The manipulation leads to Remote Code Execution. This vulnerability is traded as CVE-2021-45444. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-45444 | zsh up to 5.8.0 PROMPT_SUBST Expansion privilege escalation (FEDORA-2022-adf0c6d196 / Nessus ID 239959)

Vuldb Updates
5 months 3 weeks ago
A vulnerability was found in zsh up to 5.8.0 and classified as critical. This issue affects some unknown processing of the component PROMPT_SUBST Expansion Handler. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2021-45444. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2020-13692 | PostgreSQL up to 42.2.12 JDBC Driver xml external entity reference (Nessus ID 239971)

Vuldb Updates
5 months 3 weeks ago
A vulnerability was found in PostgreSQL up to 42.2.12. It has been classified as critical. This affects an unknown part of the component JDBC Driver. The manipulation leads to xml external entity reference. This vulnerability is uniquely identified as CVE-2020-13692. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-35391 | Microsoft ASP.NET Core/.NET/Visual Studio information disclosure (Nessus ID 239977)

Vuldb Updates
5 months 3 weeks ago
A vulnerability has been found in Microsoft ASP.NET Core, .NET and Visual Studio and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2023-35391. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Managed ad