Aggregator

CVE-2025-54079 | LabRedesCefetRJ WeGIA up to 3.4.5 Profile_Atendido.php idatendido sql injection

VulDB Recent Entries
1 week 1 day ago
A vulnerability, which was classified as critical, has been found in LabRedesCefetRJ WeGIA up to 3.4.5. Affected by this issue is some unknown functionality of the file /html/atendido/Profile_Atendido.php. The manipulation of the argument idatendido leads to sql injection. This vulnerability is handled as CVE-2025-54079. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-54059 | melange up to 0.29.4 SBOM File default permission

VulDB Recent Entries
1 week 1 day ago
A vulnerability classified as critical was found in melange up to 0.29.4. Affected by this vulnerability is an unknown functionality of the component SBOM File Handler. The manipulation leads to incorrect default permissions. This vulnerability is known as CVE-2025-54059. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-46732 | OpenCTI up to 6.6.5 GrapQL improper authorization (GHSA-535g-qp2c-h7vp)

VulDB Recent Entries
1 week 1 day ago
A vulnerability was found in OpenCTI up to 6.6.5. It has been rated as critical. This issue affects the function NotificationLineNotificationMarkReadMutation/NotificationLineNotificationDeleteMutation of the component GrapQL. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-46732. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-53888 | RIOT-OS up to 2025.04 l2filter_add addr_len buffer overflow

VulDB Recent Entries
1 week 1 day ago
A vulnerability was found in RIOT-OS up to 2025.04. It has been declared as critical. This vulnerability affects the function l2filter_add. The manipulation of the argument addr_len leads to buffer overflow. This vulnerability was named CVE-2025-53888. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-46000 | Filemanager 2.5.0 SVG File filemanager.rsc.class.php unrestricted upload (EUVD-2025-21885)

VulDB Recent Entries
1 week 1 day ago
A vulnerability was found in Filemanager 2.5.0. It has been classified as critical. This affects an unknown part of the file /rsc/filemanager.rsc.class.php of the component SVG File Handler. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-46000. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

苹果起诉通过进入前员工公寓窃取 iOS 26 机密的 YouTube 主播

Solidot
1 week 1 day ago
YouTube 主播 Jon Prosser 自今年 1 月起发布了多则视频,展示了苹果要到 6 月份的 WWDC 开发者大会上才公开的 iOS 26 设计细节。此事引起了苹果的注意,它正式对 Prosser 和 Michael Ramacciotti 提起诉讼,指控他们盗窃商业机密。事件的核心是 Ramacciotti 的朋友、苹果员工(已解雇)Ethan Lipnik。Lipnik 持有一部开发中的 iPhone 手机,Prosser 和 Ramacciotti 被控密谋获取这部手机,他们首先窃取密码,然后使用位置追踪技术判断他何时长时间离家。Prosser 向 Ramacciotti 提供经济补偿,Ramacciotti 在 Lipnik 离家后进入其公寓取到了这部开发版 iPhone,通过 FaceTime 向 Prosser 介绍了开发中的 iOS 26。Lipnik 因为未能遵守公司保护开发中和未发布设备和软件的政策而被解雇。苹果不清楚 Prosser 和 Ramacciotti 掌握了多少商业机密,它提起诉讼是为了防止更多机密泄漏。

The Challenges of Operationalizing Threat Intelligence

Security Boulevard
1 week 1 day ago

Most security teams subscribe to more threat‑intel feeds than they can digest, yet attackers keep winning. Cyware’s Jawahar Sivasankaran explains why: Outside the Fortune 500 and federal agencies, many organizations still treat cyberthreat intelligence (CTI) as another inbox rather than an engine for action. They know intel is “absolutely critical,” but legacy tools and skill gaps..

The post The Challenges of Operationalizing Threat Intelligence appeared first on Security Boulevard.

Michael Vizard

Managed ad