Aggregator

A vulnerability has been found in Mozilla Firefox, Thunderbird and Firefox ESR and classified as critical. This vulnerability affects unknown code of the component Security Check. The manipulation leads to incorrect type conversion. This vulnerability was named CVE-2019-9816. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.18.7 and classified as critical. This issue affects the function del_gendisk. The manipulation leads to use after free. The identification of this vulnerability is CVE-2022-49694. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in openziti ziti-console up to 3.7.0. This vulnerability affects unknown code of the file /api/upload. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-27500. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in openziti ziti-console up to 3.7.0. This issue affects some unknown processing. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2025-27501. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Vasion Print Virtual Appliance Host. It has been rated as problematic. This issue affects some unknown processing of the component AWS API Key Handler. The manipulation leads to use of hard-coded cryptographic key . The identification of this vulnerability is CVE-2025-27643. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in shishuocms 1.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-1891. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in shishuocms 1.1. It has been classified as problematic. Affected is an unknown function of the file /manage/folder/add.json of the component Directory Deletion Page. The manipulation of the argument folderName leads to cross site scripting. This vulnerability is traded as CVE-2025-1892. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

Security researchers have disclosed critical Insecure Direct Object Reference (IDOR) vulnerabilities in ZITADEL’s administration interface that expose organizations to account takeover risks and unauthorized configuration changes. Tracked as CVE-2025-27507 with a CVSS v3.1 score of 9.1/10, these flaws allow authenticated users without proper permissions to manipulate sensitive LDAP configurations and other critical instance settings. Vulnerability Overview The vulnerabilities reside […]

The post Critical IDOR Vulnerabilities in ZITADEL Let Hackers Modify Key Settings appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

赛宁网安大模型四件套重磅发布！院士领衔，清华复旦老师最佳实践指导

销售速看，2025 年 ICS/OT 网络安全预算报告。

BreachRx this week added generative artificial intelligence (GenAI) capabilities to a security incident platform that promises to streamline workflows across all the stakeholders that need to collaborate.

The post BreachRx Brings Generative AI to Security Incident Management appeared first on Security Boulevard.

A sophisticated Android banking trojan campaign leveraging a malicious file manager application accumulated over 220,000 downloads on the Google Play Store before its removal.  Dubbed Anatsa (also known as TeaBot), the malware targets global financial institutions through a multi-stage infection process. It deploys fake login overlays and abuses accessibility services to steal credentials and execute […]

The post Android App With 220,000+ Downloads From Google Play Installs Banking Trojan appeared first on Cyber Security News.

A significant security vulnerability in LibreOffice, designated as CVE-2025-1080, has been patched in versions 24.8.5 and 25.2.1, released on March 4, 2025. The flaw, which allowed attackers to execute arbitrary scripts through manipulated macro URLs, posed a severe risk to users of the open-source office suite. This vulnerability underscores the importance of prompt software updates […]

The post LibreOffice Flaw Allows Attackers to Run Arbitrary Scripts via Macro URL appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

美国停止分享其分布在世界各地的大使馆和领事馆收集的空气质量数据。此举令科学家感到担忧，他们认为美国分享的数据对于监测全球空气质量和改善公共健康很重要。美国国务院回应称，其空气质量监测项目不再传输给美国环保署的 AirNow 应用，原因是资金限制导致该部门关闭了“底层网络”，大使馆和领事馆被要求继续运行其空气质量监测设备，一旦资金恢复，将会恢复数据共享。专家称，美国使馆收集的空气质量数据通常被认为很可靠，可以与当地政府收集和公布的数据进行交叉对比。此外在部分非洲国家美国使馆的数据是了解空气质量的唯一来源。

A vulnerability was found in tiangolo fastapi. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP Header Handler. The manipulation of the argument Content-Type leads to resource consumption. This vulnerability is known as CVE-2024-24762. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Intel VPL Software. This issue affects some unknown processing. The manipulation leads to improper sanitization of custom special characters. The identification of this vulnerability is CVE-2024-21808. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in openNDS 10.2.0. This affects an unknown part of the file /openNDS/src/auth.c. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-25763. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability has been found in Linux Kernel up to 6.8-rc1 and classified as problematic. Affected by this vulnerability is the function sniff_min_interval_set/sniff_max_interval_set of the component Bluetooth. The manipulation leads to race condition. This vulnerability is known as CVE-2024-24859. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.