Aggregator

CVE-2025-49578 | StarCitizenTools mediawiki-skins-Citizen up to 3.3.0 Language::userDate cross site scripting (GHSA-2v3v-3whp-953h / EUVD-2025-18205)

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability was found in StarCitizenTools mediawiki-skins-Citizen up to 3.3.0. It has been classified as problematic. Affected is the function Language::userDate. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-49578. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-4418 | AVEVA PI Connector for CygNet up to 1.6.14 integrity check (icsa-25-162-09 / EUVD-2025-18217)

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability was found in AVEVA PI Connector for CygNet up to 1.6.14. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper validation of integrity check value. This vulnerability is known as CVE-2025-4418. An attack has to be approached locally. There is no exploit available.
vuldb.com

CVE-2025-49576 | StarCitizenTools mediawiki-skins-Citizen up to 3.3.0 cross site scripting (GHSA-86xf-2mgp-gv3g / EUVD-2025-18206)

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability was found in StarCitizenTools mediawiki-skins-Citizen up to 3.3.0 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-49576. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-49577 | StarCitizenTools mediawiki-skins-Citizen up to 3.3.0 cross site scripting (GHSA-jwr7-992g-68mh / EUVD-2025-18207)

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability has been found in StarCitizenTools mediawiki-skins-Citizen up to 3.3.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-49577. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-49575 | StarCitizenTools mediawiki-skins-Citizen up to 3.3.0 cross site scripting (GHSA-4c2h-67qq-vm87 / EUVD-2025-18208)

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in StarCitizenTools mediawiki-skins-Citizen up to 3.3.0. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-49575. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-49081 | Absolute Security Secure Access up to 13.54 Warehouse permission (EUVD-2025-18199)

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in Absolute Security Secure Access up to 13.54. Affected by this issue is some unknown functionality of the component Warehouse. The manipulation leads to permission issues. This vulnerability is handled as CVE-2025-49081. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-43866 | vantage6 up to 4.10 random values (GHSA-m3mq-f375-5vgh / EUVD-2025-18201)

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability was found in vantage6 up to 4.10. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to insufficiently random values. The identification of this vulnerability is CVE-2025-43866. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-43863 | vantage6 up to 4.10.x Change Password excessive authentication (GHSA-j6g5-p62x-58hw / EUVD-2025-18202)

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability was found in vantage6 up to 4.10.x. It has been declared as problematic. This vulnerability affects unknown code of the component Change Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability was named CVE-2025-43863. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-6031 | Amazon Cloud Cam up to 202212020 operation after expiration (AWS-2025-013 / EUVD-2025-18203)

VulDB Recent Entries
2 months 4 weeks ago
A vulnerability was found in Amazon Cloud Cam up to 202212020. It has been classified as critical. This affects an unknown part. The manipulation leads to operation on a resource after expiration. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-6031. The attack needs to be done within the local network. There is no exploit available.
vuldb.com

Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones

Security Affairs
2 months 4 weeks ago
Security researchers at Citizen Lab revealed that Paragon’s Graphite spyware can hack fully updated iPhones via zero-click attacks. Citizen Lab has confirmed that Paragon’s Graphite spyware was used to hack fully updated iPhones, targeting at least two journalists in Europe. The group found forensic evidence showing the phones had communicated with the same spyware server. […]
Pierluigi Paganini

Lynx

Dark Feed IO
2 months 4 weeks ago

You must login to view this content

cohenido

Lynx

Dark Feed IO
2 months 4 weeks ago

You must login to view this content

cohenido

Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 4 weeks ago

Recent investigations by Check Point Research have uncovered a sophisticated malware campaign that leverages a subtle but dangerous weakness in Discord’s invitation system. Cybercriminals are hijacking expired and deleted Discord invite links, including custom (vanity) and standard codes, to redirect unsuspecting users to malicious servers. This technique is being used as the initial vector in […]

The post Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kaaviya

Managed ad