Aggregator

CVE-2025-3415 | Grafana up to 12.0.1 DingDing Alerting Integration URL information disclosure (EUVD-2025-21759 / Nessus ID 242626)

Vuldb Updates
4 months 3 weeks ago
A vulnerability was found in Grafana up to 12.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the component DingDing Alerting Integration URL. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-3415. The attack needs to be initiated within the local network. There is no exploit available.
vuldb.com

CVE-2025-46001 | Filemanager 2.3.0 PHP File is_allowed_file_type unrestricted upload (Exploit 38895 / EUVD-2025-21880)

Vuldb Updates
4 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Filemanager 2.3.0. Affected is the function is_allowed_file_type of the component PHP File Handler. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2025-46001. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7242 | CADImage Plugin on IrfanView DWG File Parser out-of-bounds (EUVD-2025-22245)

Vuldb Updates
4 months 3 weeks ago
A vulnerability classified as critical has been found in CADImage Plugin on IrfanView. This affects an unknown part of the component DWG File Parser. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-7242. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-7243 | CADImage Plugin on IrfanView DWG File Parser memory corruption (EUVD-2025-22244)

Vuldb Updates
4 months 3 weeks ago
A vulnerability classified as critical was found in CADImage Plugin on IrfanView. This vulnerability affects unknown code of the component DWG File Parser. The manipulation leads to memory corruption. This vulnerability was named CVE-2025-7243. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-7261 | CADImage Plugin on IrfanView DWG File Parser out-of-bounds (EUVD-2025-22226)

Vuldb Updates
4 months 3 weeks ago
A vulnerability was found in CADImage Plugin on IrfanView. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component DWG File Parser. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-7261. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-42947 | SAP FICA ODN framework up to SAPSCORE 132 inject code injection (EUVD-2025-22407)

Vuldb Updates
4 months 3 weeks ago
A vulnerability, which was classified as critical, was found in SAP FICA ODN framework up to SAPSCORE 132. Affected is an unknown function. The manipulation of the argument inject leads to code injection. This vulnerability is traded as CVE-2025-42947. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-33076 | IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1 memory corruption (EUVD-2025-22452)

Vuldb Updates
4 months 3 weeks ago
A vulnerability classified as critical has been found in IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-33076. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-33020 | IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1 missing encryption (EUVD-2025-22451)

Vuldb Updates
4 months 3 weeks ago
A vulnerability was found in IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to missing encryption of sensitive data. This vulnerability is traded as CVE-2025-33020. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

New Crux Ransomware Emerges in Three Attacks This Month

Security Boulevard
4 months 3 weeks ago

A new ransomware variant dubbed "Crux" was detected by Huntress researchers in three attacks this month, with the group favoring RDP for initial access and legitimate processes to make it more difficult to detect it. The group also claims to be part of the BlackByte RaaS crew, though Huntress couldn't validate the claim.

The post New Crux Ransomware Emerges in Three Attacks This Month appeared first on Security Boulevard.

Jeffrey Burt

Hidden Backdoor in WordPress Plugins Grants Attackers Ongoing Access to Websites

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
4 months 3 weeks ago

Security researchers have discovered a concerning trend in which a highly skilled malware campaign has been targeting WordPress websites by using the frequently disregarded mu-plugins directory to insert a covert backdoor. This directory, short for “must-use plugins,” houses automatically activated plugins that cannot be deactivated through the standard WordPress admin interface, making it an ideal […]

The post Hidden Backdoor in WordPress Plugins Grants Attackers Ongoing Access to Websites appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2025-4968 | WPBakery Page Builder Plugin up to 8.4.1 on WordPress cross site scripting (EUVD-2025-22479)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability has been found in WPBakery Page Builder Plugin up to 8.4.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-4968. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-2634 | NI LabVIEW up to 22.3.5/23.3.6/24.3.3/25.2.x improper validation of specified index, position, or offset in input (EUVD-2025-22460)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability, which was classified as critical, was found in NI LabVIEW up to 22.3.5/23.3.6/24.3.3/25.2.x. Affected is an unknown function. The manipulation leads to improper validation of specified index, position, or offset in input. This vulnerability is traded as CVE-2025-2634. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-2633 | NI LabVIEW up to 22.3.5/23.3.6/24.3.3/25.2.x lvre!UDecStrToNum improper validation of specified index, position, or offset in input (EUVD-2025-22461)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in NI LabVIEW up to 22.3.5/23.3.6/24.3.3/25.2.x. This issue affects the function lvre!UDecStrToNum. The manipulation leads to improper validation of specified index, position, or offset in input. The identification of this vulnerability is CVE-2025-2633. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad