Aggregator

A vulnerability classified as problematic was found in Emby MediaBrowser 4.9.0.35. Affected by this vulnerability is an unknown functionality. The manipulation leads to observable response discrepancy. This vulnerability is known as CVE-2025-46390. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Emby MediaBrowser 4.9.0.35. Affected by this issue is some unknown functionality. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-46391. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Elgato Key Light, Key Light Air, Key Light Mini, Key Light Neo, Ring Light, Light Strip and Light Strip Pro up to 1.0.3(218). Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-7202. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Emby MediaBrowser 4.9.0.35. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2025-46386. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in TechPowerUp ThrottleStop 3.0.0.0. It has been declared as critical. This vulnerability affects the function MmMapIoSpace in the library ThrottleStop.sys of the component IOCTL Interface. The manipulation leads to exposed ioctl with insufficient access control. This vulnerability was named CVE-2025-7771. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SATO CL4-6NX Plus and CL4-6NX-J Plus. It has been classified as critical. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-22469. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in SATO CL4-6NX Plus and CL4-6NX-J Plus and classified as critical. Affected by this issue is some unknown functionality of the component Lua Script Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-22470. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in HashiCorp Vault and Vault Enterprise up to 1.20.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component LDAP Auth Method Handler. The manipulation leads to improper neutralization of whitespace. This vulnerability is known as CVE-2025-6013. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Пользователь входит по отпечатку, а кто-то другой — по уязвимости.

Descope launched Agentic Identity Control Plane, a solution that enables security teams to institute policy-based governance, auditing, and identity management for their AI agent and Model Context Protocol (MCP) ecosystems. The Agentic Identity Control Plane builds on top of the existing Descope Agentic Identity Hub to mark a huge step forward in Descope’s vision of becoming the identity provider for AI agents. As AI agents, LLMs, and MCP servers continue gaining rapid adoption, security leaders … More →

The post Descope enhances AI identity security with Agentic Identity Control Plane appeared first on Help Net Security.

关键词网络攻击2025年7月发生的这场针对Bing搜索引擎的精密投毒攻击，堪称数字化时代的"特洛伊木马"现代版

关键词安全漏洞网络安全研究人员近日确认，Trend Micro Apex One（本地版）管理控制台存在两个至

关键词网咯攻击网络安全公司Proofpoint近期披露了一项持续进行的攻击活动，黑客通过伪造知名企业的微软OA

关键词安全漏洞近期曝出的Dell笔记本重大安全漏洞犹如为网络安全敲响了一记警钟。

As the volume and sophistication of cyber threats and risks grow, cybersecurity has become mission-critical for businesses of all sizes. To address this shift, SMBs have been urgently turning to vCISO services to keep up with escalating threats and compliance demands. A recent report by Cynomi has found that a full 79% of MSPs and MSSPs see high demand for vCISO services among SMBs. How are

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

速修复

LegalPwn 不仅仅存在于理论中

WhatsApp is introducing a new security feature that will help users spot potential scams when they are being added to a group chat by someone not in their contact list. [...]

MIND announced the general availability of the first autonomous DLP platform, enabling security teams to safely use GenAI, go beyond compliance, and automate data protection across all IT environments by reducing manual work and preventing sensitive data leaks. Built from the ground up as an AI-native DLP platform to automate the entire lifecycle of data protection, MIND delivers: Data discovery: Automated and continuous inventory of sensitive data at rest and user/agentic AI/non-human activities to remove … More →

The post MIND launches autonomous DLP platform to put data protection on autopilot appeared first on Help Net Security.