Aggregator

CVE-2025-43021 | HP Poly Clariti Manager up to 10.12.0 default password (EUVD-2025-22393 / WID-SEC-2025-1635)

Vuldb Updates
2 months ago
A vulnerability classified as problematic has been found in HP Poly Clariti Manager up to 10.12.0. This affects an unknown part. The manipulation leads to use of default password. This vulnerability is uniquely identified as CVE-2025-43021. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-39282 | Linux Kernel up to 6.1.123/6.6.69/6.12.8 mtk_t7xx fsm_main_thread.c fsm_main_thread reference count (Nessus ID 216985 / WID-SEC-2025-0105)

Vuldb Updates
2 months ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.123/6.6.69/6.12.8. This affects the function fsm_main_thread of the file fsm_main_thread.c of the component mtk_t7xx. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2024-39282. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-49574 | quarkusio quarkus up to 3.23.x exposure of resource (EUVD-2025-18925 / WID-SEC-2025-1639)

Vuldb Updates
2 months ago
A vulnerability, which was classified as problematic, has been found in quarkusio quarkus up to 3.23.x. This issue affects some unknown processing. The manipulation leads to exposure of resource. The identification of this vulnerability is CVE-2025-49574. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-7690 | Affiliate Plus Plugin up to 1.3.2 on WordPress Setting affiplus_settings cross-site request forgery (EUVD-2025-22491)

Vuldb Updates
2 months ago
A vulnerability was found in Affiliate Plus Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function affiplus_settings of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-7690. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-2915 | HDF5 up to 1.14.6 src/H5Faccum.c H5F__accum_free overlap_size heap-based overflow (Issue 5380 / EUVD-2025-8640)

Vuldb Updates
2 months ago
A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. This vulnerability was named CVE-2025-2915. Attacking locally is a requirement. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-2923 | HDF5 up to 1.14.6 src/H5Fint.c H5F_addr_encode_len pp heap-based overflow (Issue 5381 / EUVD-2025-8650)

Vuldb Updates
2 months ago
A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-2923. Attacking locally is a requirement. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-2913 | HDF5 up to 1.14.6 src/H5FL.c H5FL__blk_gc_list H5FL_blk_head_t use after free (Issue 5376 / EUVD-2025-8633)

Vuldb Updates
2 months ago
A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. This vulnerability is handled as CVE-2025-2913. An attack has to be approached locally. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-2924 | HDF5 up to 1.14.6 src/H5HLcache.c H5HL__fl_deserialize free_block heap-based overflow (Issue 5382 / EUVD-2025-8649)

Vuldb Updates
2 months ago
A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-2924. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-2914 | HDF5 up to 1.14.6 src/H5FScache.c H5FS__sinfo_Srialize_Sct_cb sect heap-based overflow (Issue 5379 / EUVD-2025-8637)

Vuldb Updates
2 months ago
A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-2914. Local access is required to approach this attack. Furthermore, there is an exploit available.
vuldb.com

New AI-Powered Wi-Fi Biometrics WhoFi Tracks Humans Behind Walls with 95.5% Accuracy

Cyber Security News
2 months ago

WhoFi surfaced last on the public repository ArXiv, stunning security teams with a proof-of-concept that turns ordinary 2.4 GHz routers into covert biometric scanners. Unlike camera-based systems, this neural pipeline fingerprints the unique way a body distorts Wi-Fi channel state information (CSI), letting an attacker identify someone from the opposite side of a plaster wall, […]

The post New AI-Powered Wi-Fi Biometrics WhoFi Tracks Humans Behind Walls with 95.5% Accuracy appeared first on Cyber Security News.

Tushar Subhra Dutta

Top Email Security Risks for Businesses and How to Catch Them Before They Cause Damage 

Anyrun
2 months ago

Even with all the new ways we stay in touch, Slack, Teams, DMs, email is still the backbone of business communication. That also makes it one of the easiest ways in for attackers.  A single message with the right subject line or attachment can lead to stolen logins, malware infections, or even full network access. […]

The post Top Email Security Risks for Businesses and How to Catch Them Before They Cause Damage  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

Managed ad