Aggregator

A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. This vulnerability is uniquely identified as CVE-2025-1381. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Fujifilm DocuPrint CP225w, DocuPrint CP228w, DocuPrint CM225fw and DocuPrint CM228fw. This vulnerability affects unknown code of the component Printer Job File Handler. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2024-45320. Access to the local network is required for this attack. There is no exploit available.

A vulnerability classified as critical has been found in OpenAnolis Anolis OS 2.73;0. This affects an unknown part of the file pam_cap.so of the component Group Name Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-1390. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in LuxSoft LuxCal Web Calendar. It has been rated as critical. Affected by this issue is some unknown functionality of the file dloader.php. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-25224. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LuxSoft LuxCal Web Calendar. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file dloader.php. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-25223. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LuxSoft LuxCal Web Calendar and classified as critical. This issue affects some unknown processing of the file retrieve.php. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-25222. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in LuxSoft LuxCal Web Calendar. It has been classified as critical. Affected is an unknown function of the file pdf.php. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-25221. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

本文将介绍这些流行AI工具的安全问题，以及如何使用开源的AI-Infra-Guard一键检测与收敛相关风险。

Juniper Networks has issued an urgent security bulletin for its Session Smart Router, Session Smart Conductor, and WAN Assurance Router product lines, revealing a critical API authentication bypass vulnerability (CVE-2025-21589) that enables unauthenticated attackers to gain full administrative control over devices. The flaw carries maximum severity ratings of 9.8 under CVSS v3.1 and 9.3 under […]

The post Juniper Issues Warning About Critical Authentication Bypass Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in Surbma Plugin up to 2.0 on WordPress and classified as problematic. Affected by this vulnerability is the function sa-form of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-11433. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in hanthuy Integrate Firebase Plugin up to 0.9.3 on WordPress and classified as problematic. Affected by this issue is the function firebase_show of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11785. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Smart Agenda Plugin up to 4.6 on WordPress. It has been classified as problematic. This affects the function smartagenda of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11781. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in dejureorg Vernetzungsfunktion Plugin up to 1.97.5 on WordPress. It has been declared as problematic. This vulnerability affects the function djo_einstellungen_menue of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-11417. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in bplugins FAQ and Answers Plugin up to 1.1.0 on WordPress. It has been rated as problematic. This issue affects the function faq of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11882. The attack may be initiated remotely. There is no exploit available.

2025年1月，国产AI大模型DeepSeek横空出世，以媲美同性能模型的性能和不足其1/10的训练成本，一举 […]

Cybersecurity researchers have uncovered a novel phishing campaign distributing the notorious Tycoon 2FA phishing kit through fraudulent timesheet notification emails, marking a concerning evolution in multi-layered credential theft operations.  The operation utilizes Pinterest’s visual bookmarking service as an intermediary redirector, demonstrating attackers’ increasing sophistication in bypassing traditional email security filters. Campaign Mechanics and Delivery Vector […]

The post Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

In this Help Net Security, Oded Hareven, CEO of Akeyless Security, discusses how enterprises should adapt their cybersecurity strategies to address the growing need for machine-to-machine (M2M) security. According to Hareven, machine identities must be secured and governed similarly to human identities, focusing on automation and policy-as-code. How should enterprises reframe their cybersecurity strategies to account for machine-to-machine interactions? Enterprises need to recognize that machine-to-machine interactions have fundamentally different identity requirements than human-to-system interactions. Traditional … More →

The post The risks of autonomous AI in machine-to-machine interactions appeared first on Help Net Security.

A vulnerability was found in Ls3 Fenice 1.10. It has been classified as critical. This affects the function parse_url. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2006-2022. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Amazon Phish Hunts for Security Answers and Payment Information

The post Amazon Phish Hunts for Security Answers and Payment Information appeared first on Security Boulevard.

A CVSS score 8.0 AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-02-18, 29 days ago. The vendor is given until 2025-06-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.