Aggregator

A vulnerability marked as critical has been reported in Rockwell Automation Studio 5000 Simulation Interface. This affects an unknown function of the component NTLM Hash Handler. This manipulation causes path traversal. This vulnerability is tracked as CVE-2025-11696. The attack is restricted to local execution. No exploit exists.

A vulnerability labeled as critical has been found in Zoho ManageEngine Analytics Plus 4.3.5/4350/5410/6100/6130. The impacted element is an unknown function of the component Filter Configuration Handler. The manipulation results in sql injection. This vulnerability is identified as CVE-2025-8324. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Rockwell Automation Verve Asset Manager up to 1.41.3. The affected element is an unknown function of the component API. The manipulation leads to incorrect authorization. This vulnerability is referenced as CVE-2025-11862. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as problematic has been discovered in Rockwell Automation FactoryTalk DataMosaix Private Cloud 7.11/8.00. Impacted is an unknown function. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-11085. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Zoho ManageEngine Applications Manager. It has been rated as critical. This issue affects some unknown processing of the component Configuration Handler. Performing manipulation results in command injection. This vulnerability was named CVE-2025-9223. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Fairsketch RISE CRM Framework up to 3.8. It has been declared as problematic. This vulnerability affects unknown code of the file /clients/save_contact/ of the component POST Request Handler. Such manipulation of the argument first_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-41106. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Rockwell Automation FactoryTalk DataMosaix Private Cloud 7.11/8.00/8.01. It has been classified as problematic. This affects an unknown part of the component MFA. This manipulation causes weak authentication. This vulnerability is handled as CVE-2025-11084. The attack can only be done within the local network. There is not any exploit available.

A vulnerability was found in Fairsketch RISE CRM Framework up to 3.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /tickets/save of the component POST Request Handler. The manipulation of the argument Title results in cross site scripting. This vulnerability is known as CVE-2025-41105. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Fairsketch RISE CRM Framework up to 3.8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /estimate_requests/save_estimate_request of the component POST Request Handler. The manipulation of the argument custom_field_1 leads to cross site scripting. This vulnerability is traded as CVE-2025-41104. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Fairsketch RISE CRM Framework up to 3.8. Affected is an unknown function of the file /messages/reply of the component POST Request Handler. Executing manipulation of the argument reply_message can lead to cross site scripting. This vulnerability appears as CVE-2025-41103. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Turkguven Perfektive. This impacts an unknown function. Performing manipulation results in improper restriction of excessive authentication attempts. This vulnerability is reported as CVE-2025-10161. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A sophisticated supply chain attack has emerged, targeting industrial control systems through compromised .NET packages. The threat landscape shifted on November 5, 2025, when researchers identified nine malicious NuGet packages designed to inject destructive payloads into critical infrastructure environments. Published under the NuGet alias shanhai666 between 2023 and 2024, these packages accumulated nearly 9,500 downloads […]

The post Weaponized NuGet Packages Inject Time-Delayed Destructive Payloads to Attack ICS Systems appeared first on Cyber Security News.

A security vulnerability has been discovered in Zoom Workplace’s VDI Client for Windows that could allow attackers to escalate their privileges on affected systems. The flaw, tracked as CVE-2025-64740 and assigned bulletin ZSB-25042, has been rated as High severity with a CVSS score of 7.5. Attribute Details CVE ID CVE-2025-64740 Bulletin ID ZSB-25042 Product Zoom Workplace VDI […]

The post Zoom Workplace for Windows Flaw Allows Local Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Ваш ИИ-партнёр придёт за вашей скучной работой раньше, чем за вашей зарплатой.

Open source components form the backbone of innovation, but they also introduce significant security risks.

The post Stop Open Source Malware at the Gate with Repository Firewall appeared first on Security Boulevard.

The notorious APT-C-08 hacking group, also known as BITTER, has been observed weaponizing a critical WinRAR directory traversal vulnerability (CVE-2025-6218) to launch sophisticated attacks against government organizations across South Asia. This development marks a concerning evolution in the threat actor’s capabilities, as the group leverages this easily exploitable flaw to infiltrate sensitive systems and steal classified […]

The post WinRAR Vulnerability Exploited by APT-C-08 to Target Government Agencies appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A security vulnerability has been discovered in Zoom Workplace VDI Client for Windows that could allow attackers to gain elevated privileges on affected systems. The flaw, tracked as CVE-2025-64740, has been assigned a high severity rating with a CVSS score of 7.5, according to Zoom’s security bulletin ZSB-25042. The vulnerability stems from improper verification of […]

The post Zoom Workplace for Windows Vulnerability Allow Users to Escalate Privilege appeared first on Cyber Security News.

A critical vulnerability in Devolutions Server could allow attackers with low-level access to impersonate other user accounts by exploiting how the application handles authentication cookies before multi-factor authentication is completed. The security flaw, tracked as CVE-2025-12485, stems from improper privilege management during pre-MFA cookie handling. When users log in to Devolutions Server, the application generates temporary […]

The post Devolutions Server Vulnerability Let Attackers Impersonate Users Using Pre-MFA Cookie appeared first on Cyber Security News.

GNU Coreutils is the backbone of many enterprise Linux environments. It provides the basic file, shell, and text utilities that every GNU-based system depends on. The latest release, version 9.9, refines these tools with fixes and performance improvements. Several long-standing issues have been resolved. The basenc --base58 command now works properly with large inputs, correcting a bug introduced in version 9.8. The cksum utility improves support for base64 encoded input and tagged formats used with … More →

The post GNU Coreutils 9.9 brings fixes and updates across essential tools appeared first on Help Net Security.

Many organizations still struggle to patch fast enough to prevent breaches. Join us December 2 at 2PM ET to learn how modern patch management strategies can reduce risk and close the remediation gap. [...]