Aggregator

CVE-2025-51087 | Tenda AC8V4 16.03.34.06 saveParentControlInfo Time stack-based overflow (EUVD-2025-22524)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability was found in Tenda AC8V4 16.03.34.06. It has been declared as critical. This vulnerability affects unknown code of the file /goform/saveParentControlInfo. The manipulation of the argument Time leads to stack-based buffer overflow. This vulnerability was named CVE-2025-51087. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2025-51085 | Tenda AC8V4 16.03.34.06 /goform/SetSysTimeCfg timeZone stack-based overflow (EUVD-2025-22527)

VulDB Recent Entries
4 months 3 weeks ago
A vulnerability was found in Tenda AC8V4 16.03.34.06 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-51085. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-7795 | Tenda FH451 1.0.0.9 /goform/P2pListFilter fromP2pListFilter page stack-based overflow (EUVD-2025-21917 / EDB-52374)

Vuldb Updates
4 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-7795. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2022-24468 | Microsoft Azure Site Recovery VMWare to Azure privilege escalation (EUVD-2022-29349)

Vuldb Updates
4 months 3 weeks ago
A vulnerability classified as critical was found in Microsoft Azure Site Recovery VMWare to Azure. This vulnerability affects unknown code. The manipulation leads to privilege escalation. This vulnerability was named CVE-2022-24468. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-24489 | Microsoft Windows Server 20H2/Server 2016/Server 2019/Server 2022 Cluster Client Failover privilege escalation (EUVD-2022-29370)

Vuldb Updates
4 months 3 weeks ago
A vulnerability has been found in Microsoft Windows Server 2016/Server 2019/Server 2022/Server 20H2 and classified as critical. This vulnerability affects unknown code of the component Cluster Client Failover. The manipulation leads to privilege escalation. This vulnerability was named CVE-2022-24489. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-26917 | Microsoft Windows up to Server 2022 Fax Compose Form Remote Code Execution (EUVD-2022-31463)

Vuldb Updates
4 months 3 weeks ago
A vulnerability was found in Microsoft Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Fax Compose Form. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2022-26917. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-35768 | Microsoft Windows up to Server 2022 Kernel privilege escalation (EUVD-2022-38641)

Vuldb Updates
4 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component Kernel. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2022-35768. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-21548 | bun up to 1.1.29 API prototype pollution (SNYK-JS-BUN-8499549 / EUVD-2024-3614)

Vuldb Updates
4 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in bun up to 1.1.29. Affected is an unknown function of the component API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is traded as CVE-2024-21548. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware

Cyber Security News
4 months 3 weeks ago

Cybersecurity researchers have uncovered a sophisticated malware campaign where threat actors are exploiting Hangul Word Processor (.hwp) documents to distribute the notorious RokRAT malware. This marks a significant shift from the malware’s traditional distribution method through malicious shortcut (LNK) files, demonstrating the evolving tactics of advanced persistent threat groups. The attack campaign utilizes carefully crafted […]

The post Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

Elephant APT Group Exploits VLC Player and Encrypted Shellcode in Attacks on Defense Sector

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
4 months 3 weeks ago

Arctic Wolf Labs has uncovered a sophisticated cyber-espionage operation attributed to the Dropping Elephant advanced persistent threat (APT) group, also known as Patchwork or Quilted Tiger, focusing on Turkish defense contractors specializing in precision-guided missile systems. The campaign, which began active operations in July 2025, employs a five-stage execution chain initiated through spear-phishing emails containing […]

The post Elephant APT Group Exploits VLC Player and Encrypted Shellcode in Attacks on Defense Sector appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2022-24765 | Apple Xcode up to 13.3.1 Git access control (HT213261 / EUVD-2022-29592)

Vuldb Updates
4 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Apple Xcode up to 13.3.1. Affected by this issue is some unknown functionality of the component Git. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2022-24765. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad