Aggregator

A vulnerability classified as critical has been found in Google Web Designer on macOS/Linux. Affected is an unknown function. The manipulation leads to symlink following. This vulnerability is traded as CVE-2025-1079. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Digi International Digi PortServer TS, Digi One SP, Digi One SP IA, Digi One IA and Digi One IAP. It has been rated as critical. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-3659. The attack may be initiated remotely. There is no exploit available.

The post Vulnerability Management Automation: Here’s Why You Need it appeared first on AI Security Automation.

The post Vulnerability Management Automation: Here’s Why You Need it appeared first on Security Boulevard.

A vulnerability was found in Schweitzer Engineering Laboratories SEL Blueframe OS up to 1.11.x. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to information exposure through error message. This vulnerability was named CVE-2025-46746. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Schweitzer Engineering Laboratories SEL Blueframe OS up to 1.11.x. It has been classified as problematic. This affects an unknown part of the component Token Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-46743. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tenda FH451 1.0.0.9 and classified as critical. Affected by this issue is the function formSafeEmailFilter. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2025-44176. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Schweitzer Engineering Laboratories SEL-3350-1, SEL-3355-2 and SEL-3360-2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component BIOS Setting Handler. The manipulation leads to authentication bypass by primary weakness. This vulnerability is known as CVE-2025-46750. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Schweitzer Engineering Laboratories SEL Blueframe OS up to 1.11.x. Affected is an unknown function. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is traded as CVE-2025-46739. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in ThingsBoard Community, Cloud and Professional 3.8.1. This issue affects some unknown processing of the component Image Gallery. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-55466. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cozy Vision Technologies SMS Alert Order Notifications Plugin up to 3.8.2 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2025-47682. The attack can be initiated remotely. There is no exploit available.

Microsoft has removed an upgrade block that prevented some Safe Exam Browser users from installing the Windows 11 2024 Update due to incompatibility issues. [...]

A vulnerability classified as problematic has been found in Schweitzer Engineering Laboratories SEL-5037 Grid Configurator. This affects an unknown part. The manipulation leads to origin validation error. This vulnerability is uniquely identified as CVE-2025-46737. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Flytxt NEON-dX 0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument userId leads to improper restriction of excessive authentication attempts. This vulnerability is handled as CVE-2023-34732. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in IBM 4769 Developers Toolkit up to 7.5.52. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Hardware Security Module. The manipulation leads to uncontrolled memory allocation. This vulnerability is known as CVE-2025-3632. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Threat actors are scamming users by advertising legitimate-looking generative AI websites that, when visited, install credential-stealing malware onto the victim's computer.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a TeleMessage TM SGNL flaw, tracked as CVE-2025-47729 (CVSS score of 1.9), to its Known Exploited Vulnerabilities (KEV) catalog. “The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of […]

State Accused Tech Giant of Geolocation, Incognito Search, Biometric Violations
Texas has reached a nearly $1.4 billion settlement agreement with technology giant Alphabet after accusing its Google subsidiary of violating state privacy laws via its geolocation, incognito search and biometric data capture and retention practices.

Noodlophile Steals Credentials and Wallets Under AI Video Guise
Hackers are targeting users into downloading infostealers by tricking them into clicking on links that claim to produce AI-generated videos. The attackers build websites and promoted them on high-visibility Facebook groups, some exceeding 60,000 views.

For years, Google has faced several legal battles over privacy and lost, though this one takes the cake for biggest ever settlement against a Big Tech firm.

A vulnerability was found in Adobe Flash Player up to 11.2.202.535/18.0.0.252/19.0.0.207. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SWF File Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2015-7645. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.