Everest
You must login to view this content
Aggregator
Everest
2 months ago
You must login to view this content
cohenido
Everest
2 months ago
You must login to view this content
cohenido
CVE-2025-46001 | Filemanager 2.3.0 PHP File is_allowed_file_type unrestricted upload (Exploit 38895 / EUVD-2025-21880)
2 months ago
A vulnerability, which was classified as critical, was found in Filemanager 2.3.0. Affected is the function is_allowed_file_type of the component PHP File Handler. The manipulation leads to unrestricted upload.
This vulnerability is traded as CVE-2025-46001. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-7242 | CADImage Plugin on IrfanView DWG File Parser out-of-bounds (EUVD-2025-22245)
2 months ago
A vulnerability classified as critical has been found in CADImage Plugin on IrfanView. This affects an unknown part of the component DWG File Parser. The manipulation leads to out-of-bounds read.
This vulnerability is uniquely identified as CVE-2025-7242. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-7243 | CADImage Plugin on IrfanView DWG File Parser memory corruption (EUVD-2025-22244)
2 months ago
A vulnerability classified as critical was found in CADImage Plugin on IrfanView. This vulnerability affects unknown code of the component DWG File Parser. The manipulation leads to memory corruption.
This vulnerability was named CVE-2025-7243. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-7261 | CADImage Plugin on IrfanView DWG File Parser out-of-bounds (EUVD-2025-22226)
2 months ago
A vulnerability was found in CADImage Plugin on IrfanView. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component DWG File Parser. The manipulation leads to out-of-bounds read.
This vulnerability is known as CVE-2025-7261. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-42947 | SAP FICA ODN framework up to SAPSCORE 132 inject code injection (EUVD-2025-22407)
2 months ago
A vulnerability, which was classified as critical, was found in SAP FICA ODN framework up to SAPSCORE 132. Affected is an unknown function. The manipulation of the argument inject leads to code injection.
This vulnerability is traded as CVE-2025-42947. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-33076 | IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1 memory corruption (EUVD-2025-22452)
2 months ago
A vulnerability classified as critical has been found in IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1. Affected is an unknown function. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2025-33076. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-33020 | IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1 missing encryption (EUVD-2025-22451)
2 months ago
A vulnerability was found in IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to missing encryption of sensitive data.
This vulnerability is traded as CVE-2025-33020. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
New Crux Ransomware Emerges in Three Attacks This Month
2 months ago
A new ransomware variant dubbed "Crux" was detected by Huntress researchers in three attacks this month, with the group favoring RDP for initial access and legitimate processes to make it more difficult to detect it. The group also claims to be part of the BlackByte RaaS crew, though Huntress couldn't validate the claim.
The post New Crux Ransomware Emerges in Three Attacks This Month appeared first on Security Boulevard.
Jeffrey Burt
OSI Layers & Attacks
2 months ago
OSI Layers & Attacks
Dark Web Informer - Cyber Threat Intelligence
Админ или нет? В Киеве задержан фигурант дела крупнейшего форума XSS
2 months ago
Форум работал в тени с 2013 года — теперь за ним стоит очередь следователей.
Hidden Backdoor in WordPress Plugins Grants Attackers Ongoing Access to Websites
2 months ago
Security researchers have discovered a concerning trend in which a highly skilled malware campaign has been targeting WordPress websites by using the frequently disregarded mu-plugins directory to insert a covert backdoor. This directory, short for “must-use plugins,” houses automatically activated plugins that cannot be deactivated through the standard WordPress admin interface, making it an ideal […]
The post Hidden Backdoor in WordPress Plugins Grants Attackers Ongoing Access to Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
CVE-2025-50481 | Mezzanine CMS 6.1.0 /blog/blogpost/add cross site scripting (EUVD-2025-22459)
2 months ago
A vulnerability was found in Mezzanine CMS 6.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /blog/blogpost/add. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2025-50481. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-4968 | WPBakery Page Builder Plugin up to 8.4.1 on WordPress cross site scripting (EUVD-2025-22479)
2 months ago
A vulnerability has been found in WPBakery Page Builder Plugin up to 8.4.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-4968. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-2634 | NI LabVIEW up to 22.3.5/23.3.6/24.3.3/25.2.x improper validation of specified index, position, or offset in input (EUVD-2025-22460)
2 months ago
A vulnerability, which was classified as critical, was found in NI LabVIEW up to 22.3.5/23.3.6/24.3.3/25.2.x. Affected is an unknown function. The manipulation leads to improper validation of specified index, position, or offset in input.
This vulnerability is traded as CVE-2025-2634. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-2633 | NI LabVIEW up to 22.3.5/23.3.6/24.3.3/25.2.x lvre!UDecStrToNum improper validation of specified index, position, or offset in input (EUVD-2025-22461)
2 months ago
A vulnerability, which was classified as critical, has been found in NI LabVIEW up to 22.3.5/23.3.6/24.3.3/25.2.x. This issue affects the function lvre!UDecStrToNum. The manipulation leads to improper validation of specified index, position, or offset in input.
The identification of this vulnerability is CVE-2025-2633. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
US Nuclear Agency Hacked in Microsoft SharePoint Frenzy
2 months ago
Threat actors are piling on the zero-day vulnerabilities in SharePoint, including at least three Chinese nation-state cyber-espionage groups.
Kristina Beek
Russia turns to Kyrgyzstan’s booming crypto sector to evade sanctions, researchers say
2 months ago
According to a new report by blockchain intelligence firm TRM Labs, Kyrgyz-registered exchanges have repeatedly been used by sanctioned Russian entities.