Aggregator

A vulnerability was found in Mozilla Firefox up to 140 and classified as problematic. Affected by this issue is some unknown functionality of the component Search Term Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-8039. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Thunderbird up to 140. It has been classified as problematic. This affects an unknown part of the component Search Term Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-8039. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

What Makes Timely and Accurate Breach Reporting So Difficult for Some Organizations?
An Illinois-based brokerage firm that works with employers, businesses and consumers to obtain various types of insurance coverage is notifying nearly 156,000 people that their protected health information was compromised in a data theft hack that occurred more than a year ago. Why the delay?

ENISA's Laura Heuvinck Shares Index Findings, Implications for EU Cybersecurity
In the latest EU Cybersecurity Index, member states scored an average of 64.51 out of 100, reflecting a moderately strong level of preparedness for cyber incidents. ENISA's Laura Heuvinck breaks down the findings and key areas for improving Europe's cybersecurity posture.

Telecom May Face Up to $2.22 Million Per Violation in Fines
The Australian privacy watchdog sued Optus, saying the country's second largest telecom failed for years to protect sensitive customer data breached during a September 2022 incident affecting nearly 10 million people. The regulator said Optus faces a potential fine of up to AU$21.9 trillion.

A vulnerability was found in DropAFew 0.2 and classified as critical. This issue affects some unknown processing of the file search.php. The manipulation of the argument calories leads to sql injection. The identification of this vulnerability is CVE-2007-1363. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in DropAFew 0.2. It has been classified as problematic. Affected is an unknown function of the file editlogcal.php of the component Authorization. The manipulation of the argument ID leads to information disclosure. This vulnerability is traded as CVE-2007-1364. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Don Barnes DRBGuestbook 1.1.13. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument action leads to cross site scripting. This vulnerability is known as CVE-2007-5218. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Drake CMS 0.3.7/0.3.7 Beta. Affected is an unknown function of the file 404.php. The manipulation of the argument d_private leads to path traversal. This vulnerability is traded as CVE-2007-1849. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in WAN Emulator 2.3. This vulnerability affects the function shell_exec of the file result.php. The manipulation of the argument pc leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2012-10041. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Sflog CMS 1.0. It has been classified as critical. This affects an unknown part of the file manage.php of the component Blog Management Interface. The manipulation leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2012-10042. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PMSoftware Simple Web Server 2.2 rc2 and classified as critical. This issue affects the function vsprintf. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2012-10053. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in ProjectPier Project Pier up to 0.8.8. It has been declared as critical. This vulnerability affects unknown code of the file tools/upload_file.php of the component PHP File Handler. The manipulation leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2012-10036. The attack can be initiated remotely. Furthermore, there is an exploit available.

Over 28,000 unpatched Microsoft Exchange servers are exposed on the public internet and remain vulnerable to a critical security flaw designated CVE-2025-53786, according to new scanning data released on August 7, 2025, by The Shadowserver Foundation. The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-02 on August 7, mandating federal agencies to address […]

The post 28,000+ Microsoft Exchange Servers Vulnerable to CVE-2025-53786 Exposed Online appeared first on Cyber Security News.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 140. Affected is an unknown function of the component Frame Handler. The manipulation leads to insufficient verification of data authenticity. This vulnerability is traded as CVE-2025-8038. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Thunderbird up to 140 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Frame Handler. The manipulation leads to insufficient verification of data authenticity. This vulnerability is known as CVE-2025-8038. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Mozilla Firefox up to 140. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to sensitive cookie without secure attribute. This vulnerability was named CVE-2025-8037. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Mozilla Thunderbird up to 140. This issue affects some unknown processing of the component Cookie Handler. The manipulation leads to sensitive cookie without secure attribute. The identification of this vulnerability is CVE-2025-8037. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Mozilla Thunderbird up to 140. This affects an unknown part of the component IP Address Change Handler. The manipulation leads to reliance on reverse dns resolution. This vulnerability is uniquely identified as CVE-2025-8036. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 140. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Address Change Handler. The manipulation leads to reliance on reverse dns resolution. This vulnerability is handled as CVE-2025-8036. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.