Aggregator

检测业务是否受到此漏洞影响，请联系长亭应急服务团队！

План в нескольких шагов, превращающий хаос из задач в управляемый поток действий.

Как свистки, распечатанные на 3D-принтерах, стали символом протеста.

A vulnerability, which was classified as problematic, has been found in Intel Distribution for Python Software Installers 2025.1.0. This affects an unknown part. This manipulation causes uncontrolled search path. This vulnerability is tracked as CVE-2025-30182. The attack is restricted to local execution. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability described as problematic has been identified in Intel Driver and Support Assistant up to 25.1. This impacts an unknown function. The manipulation results in uncontrolled search path. This vulnerability is reported as CVE-2025-30506. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.

A vulnerability identified as critical has been detected in Netgear R6260 and R6850 up to 1.1.0.86. This impacts an unknown function. This manipulation causes improper authentication. The identification of this vulnerability is CVE-2025-12942. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Intel Graphics Software. It has been rated as problematic. The impacted element is an unknown function. Performing manipulation results in uncontrolled search path. This vulnerability is identified as CVE-2025-31647. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability marked as problematic has been reported in Intel oneAPI DPC++C++ Compiler Software. Affected by this vulnerability is an unknown functionality. This manipulation causes uncontrolled search path. This vulnerability is registered as CVE-2025-32038. The attack needs to be launched locally. No exploit is available. It is suggested to upgrade the affected component.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including

Dell Technologies has disclosed a critical security vulnerability affecting its Data Lakehouse platform that could allow attackers with high-level privileges to escalate their access and compromise system integrity. The flaw, tracked as CVE-2025-46608, carries a maximum CVSS severity score of 9.1, indicating an exceptionally high risk to affected environments. CVE ID Product Affected Versions Remediated […]

The post Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding federal agencies. Failing to properly patch Cisco Adaptive Security Appliances (ASA) and Firepower Threat Defense (FTD) devices against actively exploited vulnerabilities. Under Emergency Directive 25-03, CISA has identified two severe CVEs posing unacceptable risks to federal information systems: CVE-2025-20333, which enables remote […]

The post CISA Warns of Federal Agencies Not Fully Patching Actively Exploited Cisco ASA or Firepower Devices appeared first on Cyber Security News.

A vulnerability was found in Poll Maker Plugin up to 6.0.7 on WordPress and classified as critical. Impacted is an unknown function. The manipulation of the argument filterbyauthor results in sql injection. This vulnerability was named CVE-2025-12620. The attack may be performed from remote. There is no available exploit.

A vulnerability labeled as problematic has been found in Enalean Tuleap Community Edition and Tuleap Enterprise Edition. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. This vulnerability is referenced as CVE-2025-64117. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Microsoft Windows. The impacted element is an unknown function of the component Common Log File System Driver. Performing manipulation results in out-of-bounds read. This vulnerability is known as CVE-2025-60709. Attacking locally is a requirement. No exploit is available. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in Microsoft Windows. It has been rated as critical. This vulnerability affects unknown code of the component Client-Side Caching. The manipulation leads to improper access controls. This vulnerability is documented as CVE-2025-60705. The attack needs to be performed locally. There is not any exploit available. It is suggested to install a patch to address this issue.

A vulnerability identified as critical has been detected in Microsoft Windows. Impacted is an unknown function of the component Multimedia Class Scheduler Service. This manipulation causes use after free. This vulnerability appears as CVE-2025-60707. The attack requires local access. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in trifectatechfoundation sudo-rs up to 0.2.9. It has been rated as critical. The affected element is an unknown function. Performing manipulation results in improper authentication. This vulnerability was named CVE-2025-64517. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in trifectatechfoundation sudo-rs up to 0.2.9. It has been classified as problematic. The impacted element is an unknown function. Performing manipulation results in missing password field masking. This vulnerability is known as CVE-2025-64170. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is recommended.

Стэнфорд бьёт тревогу: защитные фильтры упускают тонкие, но смертельно опасные запросы.

A vulnerability was found in macrozheng mall-swarm up to 1.0.3 and classified as critical. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. This vulnerability is reported as CVE-2025-13118. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.