Aggregator

CVE-2025-20275 | Cisco Unified Contact Center Express up to 12.5(1)_SU03_ES06 aef File deserialization (cisco-sa-uccx-editor-rce-ezyYZte8 / EUVD-2025-16888)

Vuldb Updates
4 months 3 weeks ago
A vulnerability has been found in Cisco Unified Contact Center Express and classified as critical. Affected by this vulnerability is an unknown functionality of the component aef File Handler. The manipulation leads to deserialization. This vulnerability is known as CVE-2025-20275. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-20130 | Cisco Identity Services Engine Software 2.7.0 p8 up to 3.2.0 p6 API access control (cisco-sa-ise-file-upload-P4M8vwXY / EUVD-2025-16893)

Vuldb Updates
4 months 3 weeks ago
A vulnerability was found in Cisco Identity Services Engine Software. It has been declared as critical. This vulnerability affects unknown code of the component API. The manipulation leads to improper access controls. This vulnerability was named CVE-2025-20130. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-20276 | Cisco Unified Contact Center Express up to 12.5(1)_SU03_ES06 Web-based Management Interface deserialization (cisco-sa-uccx-multi-UhOTvPGL / EUVD-2025-16887)

Vuldb Updates
4 months 3 weeks ago
A vulnerability classified as problematic has been found in Cisco Unified Contact Center Express. This affects an unknown part of the component Web-based Management Interface. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-20276. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-20277 | Cisco Unified Contact Center Express up to 12.5(1)_SU03_ES06 Web-based Management Interface path traversal (cisco-sa-uccx-multi-UhOTvPGL / EUVD-2025-16886)

Vuldb Updates
4 months 3 weeks ago
A vulnerability classified as critical was found in Cisco Unified Contact Center Express. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to path traversal. This vulnerability was named CVE-2025-20277. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

INC

Dark Feed IO
4 months 3 weeks ago

You must login to view this content

cohenido

Scavenger Malware Compromises Popular npm Packages to Target Developers

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
4 months 3 weeks ago

The well-known npm package eslint-config-prettier was released without authorization, according to several GitHub users, even though its repository did not contain any corresponding code changes. The maintainer later confirmed via social media that their npm account was compromised through a phishing email, affecting several packages including eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7; eslint-plugin-prettier versions […]

The post Scavenger Malware Compromises Popular npm Packages to Target Developers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

INC

Dark Feed IO
4 months 3 weeks ago

You must login to view this content

cohenido

INC

Dark Feed IO
4 months 3 weeks ago

You must login to view this content

cohenido

INC

Dark Feed IO
4 months 3 weeks ago

You must login to view this content

cohenido

INC

Dark Feed IO
4 months 3 weeks ago

You must login to view this content

cohenido

SharePoint under fire: new ToolShell attacks target enterprises

Security Affairs
4 months 3 weeks ago
While SentinelOne did not attribute the attack to a specific threat actor, The Washington Post linked it to China-nexus acors. On July 19, Microsoft confirmed active exploitation of a zero-day vulnerability, tracked as CVE-2025-53770 in on-prem SharePoint Servers. The IT giant issued emergency patches for SharePoint Subscription Edition and 2019, with 2016 updates pending. Microsoft […]
Pierluigi Paganini

Exclusive! Threat Intelligence That Powers Best SOCs Worldwide Is Now Free  

Cyber Security News
4 months 3 weeks ago

Quality threat intelligence has traditionally been the domain of enterprise-level budgets and premium subscriptions. The kind of fresh, actionable data that transforms how SOCs operate has remained frustratingly out of reach for many organizations. Until now.  A Game-Changing Opportunity For Your Security Operations  ANY.RUN has just made an unprecedented move that will reshape how security […]

The post Exclusive! Threat Intelligence That Powers Best SOCs Worldwide Is Now Free   appeared first on Cyber Security News.

Sweta Bose

Lynx

Dark Feed IO
4 months 3 weeks ago

You must login to view this content

cohenido

Managed ad