Aggregator

CVE-2025-7204 | ConnectWise PSA prior 2025.9 API Request insertion of sensitive information into sent data (EUVD-2025-20827)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in ConnectWise PSA. It has been classified as problematic. This affects an unknown part of the component API Request Handler. The manipulation leads to insertion of sensitive information into sent data. This vulnerability is uniquely identified as CVE-2025-7204. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-53546 | RSSNext Folo auto-fix-lint-format-commit.yml pull_request_target inclusion of functionality from untrusted control sphere (EUVD-2025-20825)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability was found in RSSNext Folo and classified as critical. Affected by this issue is the function pull_request_target of the file github/workflows/auto-fix-lint-format-commit.yml. The manipulation leads to inclusion of functionality from untrusted control sphere. This vulnerability is handled as CVE-2025-53546. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Reflectiz Joins the Datadog Marketplace

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 2 weeks ago

Reflectiz, a leading cybersecurity company specializing in web exposure management, today announced a new integration with Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications. This integration combines advanced website security intelligence with enterprise-grade observability, empowering organizations with continuous visibility and control over their expanding attack surface. The partnership introduces the Reflectiz […]

The post Reflectiz Joins the Datadog Marketplace appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

CyberNewswire

CVE-2025-6514 | mcp-remote up to 0.1.15 authorization_endpoint os command injection (jfsa-2025-001290844)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability has been found in mcp-remote up to 0.1.15 and classified as critical. Affected by this vulnerability is the function authorization_endpoint. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-6514. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-1112 | IBM OpenPages with Watson 8.3/9.0 improper ownership management (EUVD-2025-20829)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in IBM OpenPages with Watson 8.3/9.0. Affected is an unknown function. The manipulation leads to improper ownership management. This vulnerability is traded as CVE-2025-1112. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-52364 | Tenda CP3 Pro 22.5.4.93 Telnet Service /etc/init.d/eth.sh weak password

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability, which was classified as critical, has been found in Tenda CP3 Pro 22.5.4.93. This issue affects some unknown processing of the file /etc/init.d/eth.sh of the component Telnet Service. The manipulation leads to weak password requirements. The identification of this vulnerability is CVE-2025-52364. The attack may be initiated remotely. There is no exploit available. It is recommended to apply restrictive firewalling.
vuldb.com

CVE-2025-2670 | IBM OpenPages 9.0 REST Endpoint exposure of sensitive system information to an unauthorized control sphere (EUVD-2025-20824)

VulDB Recent Entries
2 months 2 weeks ago
A vulnerability classified as problematic was found in IBM OpenPages 9.0. This vulnerability affects unknown code of the component REST Endpoint. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability was named CVE-2025-2670. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Supply Chain Attack Unleashed via Compromised VS Code Extension

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 2 weeks ago

A sophisticated supply chain attack targeting cryptocurrency developers through the compromise of ETHcode, a legitimate Visual Studio Code extension with nearly 6,000 installations. The attack, executed through a malicious GitHub pull request, demonstrates how threat actors can weaponize trusted development tools using minimal code changes, raising serious concerns about open-source software security in the blockchain […]

The post Supply Chain Attack Unleashed via Compromised VS Code Extension appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Managed ad