Aggregator

CVE-2025-9055 | Axis AXIS OS up to 12.7.30 VAPIX Edge Storage API unnecessary privileges (EUVD-2025-74036)

3 months ago

A vulnerability described as critical has been identified in Axis AXIS OS up to 12.7.30. Affected by this vulnerability is an unknown functionality of the component VAPIX Edge Storage API. Such manipulation leads to execution with unnecessary privileges. This vulnerability is documented as CVE-2025-9055. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-10714 | Axis Optimizer prior 5.6.0.0 unquoted search path (EUVD-2025-74038)

VulDB Recent Entries

3 months ago

A vulnerability marked as problematic has been reported in Axis Optimizer. Affected is an unknown function. This manipulation causes unquoted search path. This vulnerability is registered as CVE-2025-10714. The attack needs to be launched locally. No exploit is available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-41244

CVE Trends

3 months ago

Currently trending CVE - Hype Score: 1 - VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this ...

CVE-2025-21043

CVE Trends

3 months ago

Currently trending CVE - Hype Score: 1 - Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

U8cloud 所有版本 NCCloudGatewayServlet 远程命令执行和任意文件上传（基于该漏洞的变种）

先知技术社区

3 months ago

前言2025-09-24 用友又又又发布了一个漏洞关于U8cloud所有版本NCCloudGatewayServlet接口存在命令执行漏洞的安全公告这次又是全版本的漏洞但是，我觉得这也可以是文件上传漏洞，往下看吧。https://security.yonyou.com/#/noticeInfo?id=736来来来现热乎的，我们先去分析一波看，官方说的升级补丁升级补丁<U8CLOUD系统

Случайно нашел (или нет?). На Урале завели первое дело о «поиске» экстремизма. А в Ростове уже штрафуют за подписки

Securitylab.ru

3 months ago

Двух жительниц Ростовской области оштрафовали.

处罚案例 | 某科技公司未及时修复安全漏洞，网警依法处罚

信息安全国家工程研究中心

3 months ago

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

3 months ago

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung mobile devices flaw, tracked as CVE-2025-21042 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. The now-patched Samsung Galaxy flaw CVE-2025-21042 was exploited as a zero-day […]

Pierluigi Paganini

【已复现】Spring Cloud Gateway 表达式注入漏洞(CVE-2025-41253)安全风险通告

奇安信CERT

3 months ago

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

Капча, 10 секунд и никаких уведомлений. В Минцифры рассказали, как именно абонентам придется разблокировать SIM-карты после роуминга

Securitylab.ru

3 months ago

Вернулся из-за границы — пройди авторизацию.

雷神众测漏洞周报2025.11.3-2025.11.9

雷神众测

3 months ago

Firewalla unveils MSP 2.9 to simplify multi-device network management

Help Net Security

3 months ago

Firewalla has announced the release of MSP 2.9, the latest update to its Managed Security Portal (MSP). The update is now available to all MSP Early Access users. Firewalla MSP is a web-based platform designed for security and infosec professionals to manage multiple Firewalla devices. Version 2.9 introduces new features and improvements to simplify network management, enhance security, and give IT teams greater control. New features in MSP 2.9: Search flows with FireAI: Users can … More →

The post Firewalla unveils MSP 2.9 to simplify multi-device network management appeared first on Help Net Security.

Industry News