Aggregator

A vulnerability marked as problematic has been reported in Liferay Portal and DXP. Affected by this vulnerability is an unknown functionality of the component Organization Selector Handler. This manipulation causes missing authorization. The identification of this vulnerability is CVE-2025-43788. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in erjinzhi 10OA 1.0. This impacts an unknown function of the file /trial/mvc/finder. The manipulation of the argument Name results in cross site scripting. This vulnerability is known as CVE-2025-10271. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as problematic has been detected in IBM Fusion, Fusion HCI and Fusion HCI for Watsonx up to 2.10.1. This impacts an unknown function. The manipulation leads to insecure default initialization of resource. This vulnerability is uniquely identified as CVE-2025-36222. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

欢迎25级硕博新生加入白泽大家庭~

Submit #643522 / VDB-323778

Submit #643521 / VDB-323777

Submit #643520 / VDB-323777

Submit #643519 / VDB-323776

Submit #643518 / VDB-323775

Submit #643517 / VDB-323774

When cyberattacks hit, every second counts. Survival depends on three essentials: clarity to see what's happening, control to contain it, and a lifeline to recover fast. Learn from Acronis TRU how MSPs and IT teams can prepare now for the difference between recovery and catastrophe. [...]

Together, we can foster a culture of collaboration and vigilance, ensuring that we are not just waiting for a hero to save us, but actively working to protect ourselves and our communities.

Within mere hours of its public unveiling, the K2 Think model experienced a critical compromise that has sent ripples throughout the cybersecurity community. The newly launched reasoning system, developed by MBZUAI in partnership with G42, was designed to offer unprecedented transparency by exposing its internal decision-making process for compliance and audit purposes. However, this very […]

The post K2 Think AI Model Jailbroken Within Hours After The Release appeared first on Cyber Security News.

Массовые взломы стартовали 21 августа, однако полная картина происходящего стала доступна только сейчас.

The official's call for a renewal came less than three weeks before the 2015 Cybersecurity Information Sharing Act (CISA 2015), which provides incentives for private entities to voluntarily share digital threat intelligence with the federal government, is due to sunset.

HP Wolf has reported the use of multiple, uncommon binaries and novel uses of legitimate image files in recent malicious campaigns

ESET Research has uncovered a sophisticated new ransomware variant called HybridPetya, discovered on the VirusTotal sample sharing platform. This malware represents a dangerous evolution of the infamous Petya/NotPetya ransomware family, incorporating advanced capabilities to compromise UEFI-based systems and exploit CVE-2024-7344 to bypass UEFI Secure Boot protections on vulnerable systems. Unlike its predecessors, HybridPetya demonstrates significant […]

The post HybridPetya Exploits UEFI Vulnerability to Bypass Secure Boot on Legacy Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in JeecgBoot up to 3.8.2. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. This vulnerability is documented as CVE-2025-10318. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Emlog Pro up to 2.5.18. It has been declared as critical. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. This vulnerability is referenced as CVE-2025-9296. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as critical has been found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2025-9300. The attack must be initiated from a local position. Furthermore, there is an exploit available. Applying a patch is advised to resolve this issue.