Aggregator

Submit #649798 / VDB-325128

A vulnerability was found in jeecgboot JimuReport up to 2.1.2 and classified as critical. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. This vulnerability is handled as CVE-2025-10771. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in jeecgboot JimuReport up to 2.1.2 and classified as critical. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. This vulnerability is known as CVE-2025-10770. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. This vulnerability is traded as CVE-2025-10769. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. This vulnerability appears as CVE-2025-10768. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #649793 / VDB-325125

Submit #649778 / VDB-325127

Submit #649755 / VDB-325126

Submit #649728 / VDB-325125

Submit #649508 / VDB-325124

A vulnerability classified as problematic was found in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handler. The manipulation of the argument configuration["PASSWORD"] results in os command injection. This vulnerability is reported as CVE-2025-10767. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #648118 / VDB-325123

A vulnerability classified as problematic has been found in Bluefeet Starch up to 0.14. Impacted is the function rand of the component Default Session ID Generator. The manipulation leads to generation of predictable numbers or identifiers. This vulnerability is documented as CVE-2025-40925. The attack can be initiated remotely. There is not any exploit available.

Там, откуда обычно ждут спасения, остаётся только пустота.

Name: K17 CTF (an K17 CTF event.)
Date: Sept. 19, 2025, 8 a.m. — 21 Sept. 2025, 08:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.secso.cc/
Rating weight: 24.82
Event organizers: K17

Name: CDCTF 2025 (an CDCTF event.)
Date: Sept. 20, 2025, 3 p.m. — 21 Sept. 2025, 03:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://uacrimsondefense.github.io/cdctf.html
Rating weight: 25.00
Event organizers: Crimson Defense

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Most enterprise AI use is invisible to security teams Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance. Arkime: Open-source network analysis and packet capture system Arkime is an open-source system for large-scale network analysis and … More →

The post Week in review: Chrome 0-day fixed, npm supply chain attack, LinkedIn data used for AI appeared first on Help Net Security.

A detailed guide for CTOs and VP of Engineering on achieving enterprise readiness for software, covering security, scalability, compliance, and integration.

The post Steps to Achieve Enterprise Readiness for Software appeared first on Security Boulevard.

Explore vulnerability management and remediation solutions for enterprise SSO and CIAM. Learn to protect your systems from cyber threats with effective strategies.

The post Vulnerability Management and Remediation Solutions appeared first on Security Boulevard.

A vulnerability described as critical has been identified in Apple QuickTime up to 7.0.1. The impacted element is an unknown function. The manipulation results in code injection. This vulnerability is identified as CVE-2009-0955. The attack can be executed remotely. Additionally, an exploit exists. Upgrading the affected component is recommended.