Aggregator

Министерства, стройка и новости — что объединяет жертв милого животного?

A vulnerability, which was classified as critical, was found in ppp up to 2.5.1. Affected is an unknown function of the component Passprompt Plugin. The manipulation leads to untrusted search path. This vulnerability is traded as CVE-2024-58250. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Zyxel USG FLEX H uOS up to V1.31. This issue affects some unknown processing of the component Configuration File Handler. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2025-1732. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability classified as problematic was found in Rustaurius Front End Users Plugin up to 3.2.32 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13569. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Hitachi Ops Center Common Services 11.0.3. This affects an unknown part. The manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2025-2300. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Hitachi Ops Center Common Services and Ops Center Analyzer Viewpoint OVF up to 11.0.0-03. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use of default credentials. This vulnerability is handled as CVE-2024-46899. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft on Monday announced that it has moved the Microsoft Account (MSA) signing service to Azure confidential virtual machines (VMs) and that it's also in the process of migrating the Entra ID signing service as well. The disclosure comes about seven months after the tech giant said it completed updates to Microsoft Entra ID and MS for both public and United States government clouds to

A vulnerability was found in Zyxel AMG1302-T10B 2.00(AAJC.16)C0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-3577. The attack can be launched remotely. There is no exploit available.

A critical vulnerability in SSL.com’s domain validation process allowed unauthorized parties to fraudulently obtain TLS certificates for high-profile domains, including Alibaba Cloud’s aliyun.com, researchers revealed this week. The certificate authority (CA) has since revoked 11 improperly issued certificates, raising concerns about trust in automated validation systems. How Domain Validation Was Exploited According to Mozilla report, SSL.com’s Domain […]

The post Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Zyxel USG FLEX H uOS up to 1.20/1.31. It has been classified as critical. Affected is an unknown function of the component PostgreSQL Command Handler. The manipulation leads to incorrect permission assignment. This vulnerability is traded as CVE-2025-1731. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in IBM Maximo Asset Management 7.6.1.3 and classified as critical. This issue affects some unknown processing. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2025-2987. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

For years, security teams have operated in reactive mode, contending with siloed tools, fragmented intelligence, and a never-ending backlog of alerts. Traditional Security Operations platforms were supposed to unify data and streamline response—but they often introduced their own complexity, requiring heavy customization and manual oversight. ‘Hyper automation’ delivered much of the same empty promises, leaving most security teams firefighting today’s incidents with limited bandwidth to proactively manage tomorrow’s risks. StrikeReady is introducing its next-generation Security Command … More →

The post StrikeReady Security Command Center v2 accelerates threat response appeared first on Help Net Security.

在上个月首次突破每盎司 3000 美元之后，黄金期货在时隔一个多月后突破了每盎司 3500 美元。这一波上涨的背景是美元的主导权地位正在动摇。在国际政治面临分裂的情况下，无处可去的资金正在集中于作为实物资产的黄金。引发最新涨势的是美国总统特朗普威胁解雇美联储主席 Jerome Hayden Powell，令外界担忧联储的独立性，市场情绪更加恐慌，带动国际金价不断飙升，达到每盎司 3,502.6 美元。自今年初以来，黄金价格已暴涨逾30%。

A vulnerability was found in IP-COM EW9 15.11.0.14. It has been rated as critical. Affected by this issue is the function cmd_get_ping_output. The manipulation leads to command injection. This vulnerability is handled as CVE-2022-45005. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Arcadyan VRV9506JAC23. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Administrative Dashboard. The manipulation leads to missing encryption of sensitive data. This vulnerability is handled as CVE-2020-9420. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Arcadyan VRV9506JAC23. Affected is an unknown function of the component Administrative Dashboard. The manipulation of the argument hostName/domain_name leads to cross site scripting. This vulnerability is traded as CVE-2020-9419. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in wasm3 7890a2097569fde845881e0b352d813573e371f9. Affected is the function op_CallIndirect of the file /m3_exec.h. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2022-44874. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.16-rc6. This issue affects the function ef100_update_stats of the file drivers/net/ethernet/sfc/ef100_nic.c. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2022-3106. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Binbloom 2.0. It has been declared as critical. Affected by this vulnerability is the function read_pointer of the file /binbloom-master/src/helpers.c. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2022-44910. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in oretnom23 Helmet Store Showroom 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation leads to sql injection. This vulnerability is handled as CVE-2022-46071. Access to the local network is required for this attack. There is no exploit available.