Aggregator

A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to weak password recovery. The identification of this vulnerability is CVE-2025-0331. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Microsoft Azure AI Search. Affected by this vulnerability is an unknown functionality. The manipulation leads to hard-coded credentials. This vulnerability is known as CVE-2024-29063. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component Hyper-V. The manipulation leads to improper handling of length parameter inconsistency. This vulnerability is handled as CVE-2024-29064. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-13200. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. This vulnerability is uniquely identified as CVE-2024-13206. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 17.5.0/17.6.0/17.7.0. This issue affects some unknown processing of the component API Request Handler. The manipulation leads to file and directory information exposure. The identification of this vulnerability is CVE-2025-0194. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Winston-Salem, North Carolina, residents are not able to pay their utility bills online after a pos

Are you looking to enhance your government organization’s critical security systems? The Biden-H

The Biden-Harris Administration’s Bipartisan Infrastructure Law, also known as the Infrastructure Investment and Jobs Act (IIJA), allows organizations to receive government grant money for improved cybersecurity.

The post Leveraging Government Grants to Enhance Critical Security Systems appeared first on Security Boulevard.

Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-s

Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer. "Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple's XProtect," Check Point Research said in a new analysis shared with The Hacker News. "This development allows it to

Основатель мессенджера ответил Цукербергу.

Following Mergers and Acquis

Our nation’s critical infrastructure is increasingly brittle and under attack. Take the recent r

Our nation’s critical infrastructure is increasingly brittle and under attack. Take the recent report that the drinking water of millions of Americans is at risk due to technical vulnerabilities.

The post Building Resilience Into Cyber-Physical Systems Has Never Been This Mission-Critical   appeared first on Security Boulevard.

Key TakeawaysHexaLocker was first discovered in mid-2024, with version 2 introducing sig

树莓派不再廉价还会有多少人购买？树莓派宣布推出售价 120 美元 16GB 内存版本的 Raspberry Pi 5。Raspberry Pi 5 此前推出了三个不同内存大小的版本：2GB

树莓派不再廉价还会有多少人购买？树莓派宣布推出售价 120 美元 16GB 内存版本的 Raspberry Pi 5。Raspberry Pi 5 此前推出了三个不同内存大小的版本：2GB、4GB 和 8GB。树莓派称，Raspberry Pi 5 的性能相比 Raspberry Pi 4 提升了三倍，增加更多内存将为运行大模型和计算流体动力学等用例打开大门，此外 Ubuntu 等重量级发行版也能受益于更多内存。

A new and sophisticated phishing scam has been uncovered, leveraging Microsoft 365 domains to trick users into compromising their PayPal accounts. The attack exploits legitimate-looking sender addresses and URLs, making it harder for victims to recognize the phishing attempt. Security experts, including Chief Information Security Officers (CISOs), have raised alarms about the growing menace, urging […]

The post New PayPal Phishing Abusing Microsoft365 Domains for Sophisticated Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.