Aggregator

A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. This vulnerability was named CVE-2025-2357. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Apache Tomcat up to 9.0.105/10.1.41/11.0.7. This affects an unknown part of the component Commons FileUpload. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2025-48976. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache Tomcat up to 9.0.105/10.1.41/11.0.7 on Windows and classified as critical. This vulnerability affects unknown code of the file icacls.exe of the component Installer. The manipulation leads to untrusted search path. This vulnerability was named CVE-2025-49124. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apache Tomcat up to 9.0.105/10.1.41/11.0.7. This affects an unknown part. The manipulation leads to authentication bypass using alternate channel. This vulnerability is uniquely identified as CVE-2025-49125. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS. It has been classified as critical. This affects an unknown part of the component iCloud Link Handler. The manipulation leads to Remote Code Execution. This vulnerability is uniquely identified as CVE-2025-43200. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

WiCyS is not a women-only organization but rather a community of allies committed to solving the cybersecurity work shortage, together.

The post Women in CyberSecurity (WiCyS): Building Community and Fostering Opportunity in Cybersecurity appeared first on Security Boulevard.

“主动+被动”双重测绘，多维风险检测及多渠道预警！

SmartAttack需要恶意软件以某种方式感染与互联网物理隔离的计算机，以收集诸如键盘输入、加密密钥和凭证等敏感信息。然后，它可以利用计算机的内置扬声器向环境中发出超声波信号。

A vulnerability was found in Jelsoft vBulletin 3.0.0 Rc4. It has been classified as problematic. This affects an unknown part of the file search.php. The manipulation of the argument Query leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2004-2076. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Accelerate human-led innovation, automate the grunt work and make sure AI delivers real value without proliferating new security risks. 

The post From LLMs to Cloud Infrastructure: F5 Aims to Secure the New AI Attack Surface  appeared first on Security Boulevard.

Currently trending CVE - Hype Score: 4 - A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

Currently trending CVE - Hype Score: 5 - Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able ...

Currently trending CVE - Hype Score: 4 - In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.

Currently trending CVE - Hype Score: 4 - The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP ...

Currently trending CVE - Hype Score: 4 - Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.

Currently trending CVE - Hype Score: 19 - A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect™ gateway and portal features of Palo Alto Networks PAN-OS® software enables execution of malicious JavaScript in the context of an authenticated Captive Portal user's browser when they click on a specially ...

Currently trending CVE - Hype Score: 21 - Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Currently trending CVE - Hype Score: 1 - Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.

Currently trending CVE - Hype Score: 21 - Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.

Currently trending CVE - Hype Score: 23 - A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not ...