Opera заявила, что Microsoft прячет Edge в каждую щель Windows и делает уход почти невозможным
Браузерная война возвращается.
Aggregator
CVE-2025-43018 | HP LaserJet Pro Printers Address Book information disclosure
2 months ago
A vulnerability was found in HP LaserJet Pro Printers and classified as problematic. This issue affects some unknown processing of the component Address Book Handler. The manipulation leads to information disclosure.
The identification of this vulnerability is CVE-2025-43018. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-53357 | glpi up to 10.0.18 authorization (GHSA-x9mj-822q-6cf8)
2 months ago
A vulnerability has been found in glpi up to 10.0.18 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authorization bypass.
This vulnerability was named CVE-2025-53357. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53113 | glpi up to 10.0.18 access control (GHSA-r2mm-6499-4m8j)
2 months ago
A vulnerability, which was classified as critical, was found in glpi up to 10.0.18. This affects an unknown part. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2025-53113. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53944 | Significant-Gravitas AutoGPT up to 0.6.15 get_graph_execution_results graph_exec_id improper authorization (GHSA-x77j-qg2x-fgg6)
2 months ago
A vulnerability, which was classified as critical, has been found in Significant-Gravitas AutoGPT up to 0.6.15. Affected by this issue is the function get_graph_execution_results. The manipulation of the argument graph_exec_id leads to improper authorization.
This vulnerability is handled as CVE-2025-53944. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53008 | glpi up to 10.0.18 insufficiently protected credentials (GHSA-52h8-76ph-4j9q)
2 months ago
A vulnerability classified as problematic was found in glpi up to 10.0.18. Affected by this vulnerability is an unknown functionality. The manipulation leads to insufficiently protected credentials.
This vulnerability is known as CVE-2025-53008. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-52897 | glpi up to 10.0.18 cross site scripting (GHSA-6whm-q2rp-prqm)
2 months ago
A vulnerability classified as problematic has been found in glpi up to 10.0.18. Affected is an unknown function. The manipulation leads to basic cross site scripting.
This vulnerability is traded as CVE-2025-52897. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-52567 | glpi up to 10.0.18 RSS Feed server-side request forgery (GHSA-5mp6-mgmh-vrq7)
2 months ago
A vulnerability was found in glpi up to 10.0.18. It has been rated as critical. This issue affects some unknown processing of the component RSS Feed Handler. The manipulation leads to server-side request forgery.
The identification of this vulnerability is CVE-2025-52567. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53111 | glpi up to 10.0.18 access control (GHSA-p665-mqcr-j96j)
2 months ago
A vulnerability was found in glpi up to 10.0.18. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper access controls.
This vulnerability was named CVE-2025-53111. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-46811 | SUSE Container Manager missing authentication
2 months ago
A vulnerability was found in SUSE Container Manager, Image SLES15-SP4-Manager-Server-4-3-BYOS, Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure, Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2, Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE and Manager Server Module. It has been classified as critical. This affects an unknown part. The manipulation leads to missing authentication.
This vulnerability is uniquely identified as CVE-2025-46811. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-54433 | Bugsink up to 1.4.2/1.5.4/1.6.3/1.7.3 event_id path traversal (GHSA-q78p-g86f-jg6q)
2 months ago
A vulnerability was found in Bugsink up to 1.4.2/1.5.4/1.6.3/1.7.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument event_id leads to path traversal.
This vulnerability is handled as CVE-2025-54433. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-54572 | SAML-Toolkits ruby-saml up to 1.18.0 resource consumption (GHSA-rrqh-93c8-j966)
2 months ago
A vulnerability has been found in SAML-Toolkits ruby-saml up to 1.18.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to resource consumption.
This vulnerability is known as CVE-2025-54572. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53112 | glpi up to 10.0.18 access control
2 months ago
A vulnerability, which was classified as critical, was found in glpi up to 10.0.18. Affected is an unknown function. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2025-53112. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-54573 | cvat-ai cvat up to 2.41.x improper authentication
2 months ago
A vulnerability, which was classified as critical, has been found in cvat-ai cvat up to 2.41.x. This issue affects some unknown processing. The manipulation leads to improper authentication.
The identification of this vulnerability is CVE-2025-54573. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
5 Email Attacks SOCs Cannot Detect Without A Sandbox
2 months ago
Even with Slack, Teams, and every new communication tool out there, email remains the top attack vector for businesses. Why? Because it’s familiar, trusted, and easy to exploit. One convincing message is all it takes and threats slip right past filters, AVs, and EDRs without making a sound. Below are five real examples of attacks […]
The post 5 Email Attacks SOCs Cannot Detect Without A Sandbox appeared first on Cyber Security News.
Balaji N
Lazarus Subgroup ‘TraderTraitor’ Attacking Cloud Platforms and Poisoning Supply Chains
2 months ago
A sophisticated North Korean cyber espionage operation known as TraderTraitor has emerged as one of the most formidable threats to the global cryptocurrency ecosystem, conducting billion-dollar heists through advanced supply chain compromises and cloud platform infiltrations. Originally codnamed by the U.S. government in 2022, TraderTraitor represents a specialized subgroup within the notorious Lazarus Group, North […]
The post Lazarus Subgroup ‘TraderTraitor’ Attacking Cloud Platforms and Poisoning Supply Chains appeared first on Cyber Security News.
Tushar Subhra Dutta
Threat Actors Use LNK Files to Deploy RedLoader Malware on Windows Systems
2 months ago
Sophos analysts have identified a novel infection chain employed by the financially motivated cybercriminal group GOLD BLADE, also known as RedCurl, Red Wolf, and Earth Kapre, to deploy their custom RedLoader malware on Windows systems. This group, active since 2018 and specializing in commercial espionage, has been observed using highly targeted phishing emails to infiltrate […]
The post Threat Actors Use LNK Files to Deploy RedLoader Malware on Windows Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Israeli Fashion Brand Breach Exposes Internal Data on Darknet Forum
2 months ago
You must login to view this content
cohenido
BSidesSF 2025: Trace to Triage: How to Connect Product Vulnerabilities to Security Paths
2 months ago
Creator/Author/Presenter: Ben Stav
Our deep appreciation to Security BSides - San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.
Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!
The post BSidesSF 2025: Trace to Triage: How to Connect Product Vulnerabilities to Security Paths appeared first on Security Boulevard.
Marc Handelman
Hidden Backdoor Found in ATM Network via Raspberry Pi
2 months ago
A covert ATM attack used a Raspberry Pi to breach bank systems, employing stealthy malware and anti-forensics techniques