Aggregator

A vulnerability has been found in Salesforce Tableau Server up to 2022.1.2 and classified as problematic. This vulnerability affects unknown code of the component Personal Access Token Handler. This manipulation causes cleartext storage of sensitive information. This vulnerability is registered as CVE-2025-26495. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

A vulnerability described as critical has been identified in HCL Leap up to 9.3.7. Affected by this vulnerability is an unknown functionality of the component Import Handler. The manipulation results in improper access controls. This vulnerability was named CVE-2024-30148. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in nopCommerce up to 4.79.x. It has been rated as problematic. Affected by this issue is some unknown functionality. This manipulation causes race condition. This vulnerability appears as CVE-2024-58248. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.12/6.13.1. It has been declared as problematic. This issue affects the function HWS_SET32 of the component mlx5. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-21800. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

Tel Aviv, Israel, 29th October 2025, CyberNewsWire

在这场向任何人开放的基于开源数 据得出结论的竞赛中，保护无辜平民的权利并建立一些关于如何合乎道德地使用OSI-NT的指导方针是至关重要的 。

GlobalCVE是一个开源的全球漏洞情报统一枢纽（Unified Vulnerability Search），旨在为安全研究人员、开发者和社区提供清晰、协作且无付费墙的漏洞情报视图。 它聚合了来自多个全球来源的 CVE（Common Vulnerabilities & Exposures）数据，包括 NVD（美国国家漏洞数据库）、MITRE、CNNVD（中国国家信息安全漏洞数据库）、JVN（日本漏洞笔记）、CERT-FR（法国计算机应急响应团队）等图五。通过这些来源的整合，它提供了一个跨边界的、统一的漏洞情报视图，避免了供应商锁定和数据孤岛。主要功能与特色 统一 CVE 搜索与可视化：支持从多个来源搜索和浏览 CVE 漏洞，提供去重视图，并通过自定义徽章标注数据来源，确保透明度和归属。 优点：可视化、支持产品反查。 API 集成：提供免费的公共 API图4，便于自动化和集成到其他工具中，支持服务器less架构以实现可扩展性。#开源情报网站分享计划 网站（往下拉到底直接搜索即可）图2图3： https://globalcve[.]xyz/

A new open-source tool called HikvisionExploiter has emerged, designed to automate attacks on vulnerable Hikvision IP cameras. Released on GitHub in mid-2024 but gaining renewed attention amid 2025’s surge in camera exploits, this Python-based utility targets unauthenticated endpoints in cameras running outdated firmware, such as version 3.1.3.150324. Developed for researchers and red teamers, it streamlines […]

The post Hikvision Exploiter – An Automated Exploitation Toolkit Targeting Hikvision IP Cameras appeared first on Cyber Security News.

Peter Williams，39岁，澳大利亚国籍，现居美国华盛顿特区，是网络安全与情报领域的资深从业者。

Bringing frictionless implementation [Progressive Segmentation™ and EDR integration] and rapid value realization to an award-winning and peer-recognized technology platform demystifies, simplifies, and makes it extremely easy for our customers to achieve cyber resilience. As a student of innovation and technology, I’ve seen time and again that raw technological prowess alone rarely sparks widespread adoption. The […]

The post Cybersecurity Awareness Month 2025: Customer-Centric Innovation from ColorTokens appeared first on ColorTokens.

The post Cybersecurity Awareness Month 2025: Customer-Centric Innovation from ColorTokens appeared first on Security Boulevard.

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report

本周三英伟达成为全球第一家市值突破 5 万亿美元的公司，三个月前该公司市值刚刚突破 4 万亿美元，超越苹果和微软等巨头，而三年前 AI 聊天机器人 ChatGPT 推出前英伟达市值约为 4000 亿美元。作为最大的 AI 芯片供应商，英伟达是受益于这一波 AI 技术发展的最主要公司，但这也引发了 AI 泡沫的担忧。英伟达 CEO 黄仁勋周二表示他不认为世界处于 AI 泡沫之中，认为我们正在使用各种模型，并乐于为此付费。黄仁勋在 GTC 大会上表示，英伟达预计其最新芯片的出货量将达到 2000 万颗，而上一代 Hopper 的总出货量仅为 400 万颗。

Самый поучительный урок маркетинга в истории?

A vulnerability, which was classified as critical, has been found in Microsoft Windows up to Server 2019. This affects an unknown part of the component Task Scheduler. Performing manipulation results in improper access controls. This vulnerability is reported as CVE-2019-1069. The attack is possible to be carried out remotely. Moreover, an exploit is present. To fix this issue, it is recommended to deploy a patch.

A vulnerability, which was classified as problematic, was found in 10Web Photo Gallery Plugin up to 1.5.68 on WordPress. Affected by this vulnerability is an unknown functionality. Such manipulation of the argument album_gallery_id_0/bwg_album_search_0/type_0 for bwg_frontend_data leads to cross site scripting. This vulnerability is traded as CVE-2021-31693. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in SAP BusinessObjects Web Intelligence. It has been classified as problematic. This affects an unknown part of the component Document Handler. This manipulation causes information disclosure. The identification of this vulnerability is CVE-2024-25646. It is possible to initiate the attack remotely. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in SAP NetWeaver Application Server for ABAP and ABAP Platform up to 758. It has been classified as problematic. Affected is an unknown function. Performing manipulation results in information disclosure. This vulnerability is known as CVE-2024-37180. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability classified as critical was found in Microsoft Windows up to Server 2019. Affected by this issue is some unknown functionality of the component AppXSVC. Such manipulation leads to improper access controls. This vulnerability is documented as CVE-2019-1064. The attack can be executed remotely. Additionally, an exploit exists. A patch should be applied to remediate this issue.