Aggregator

CVE-2025-34081 | Contec CONPROSYS HMI System up to 3.7.6 phpinfo insertion of sensitive information into debugging code (EUVD-2025-19656)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability was found in Contec CONPROSYS HMI System up to 3.7.6. It has been classified as problematic. Affected is the function phpinfo. The manipulation leads to insertion of sensitive information into debugging code. This vulnerability is traded as CVE-2025-34081. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-53100 | RestDB codehooks-mcp-server up to 0.2.1 os command injection (GHSA-fhq6-jf5q-qxvq / EUVD-2025-19660)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability was found in RestDB codehooks-mcp-server up to 0.2.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2025-53100. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-53104 | gluestack-ui discussion-to-slack.yml command injection (e6b4271 / EUVD-2025-19665)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability has been found in gluestack-ui and classified as critical. This vulnerability affects unknown code of the file discussion-to-slack.yml. The manipulation leads to command injection. This vulnerability was named CVE-2025-53104. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-53107 | cyanheads git-mcp-server up to 2.1.4 child_process command injection (GHSA-3q26-f695-pp76 / EUVD-2025-19657)

VulDB Recent Entries
1 month 2 weeks ago
A vulnerability, which was classified as critical, was found in cyanheads git-mcp-server up to 2.1.4. This affects the function child_process. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-53107. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-41656 | Pilz IndustrialPI 4 with Bullseye up to 2024-08 Node_RED Server missing authentication (VDE-2025-045 / EUVD-2025-19648)

Vuldb Updates
1 month 2 weeks ago
A vulnerability, which was classified as critical, was found in Pilz IndustrialPI 4 with Bullseye up to 2024-08. Affected is an unknown function of the component Node_RED Server. The manipulation leads to missing authentication. This vulnerability is traded as CVE-2025-41656. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

Snake Keyloggers Abuse Java Utilities to Evade Security Tools

Cyber Security News
1 month 2 weeks ago

A sophisticated phishing campaign leveraging the Snake Keylogger malware has emerged, exploiting legitimate Java debugging utilities to bypass security mechanisms and target organizations worldwide. The Russian-originated .NET malware, distributed through a Malware as a Service (MaaS) model, represents a significant evolution in cybercriminal tactics by abusing trusted system components that typically evade detection. The campaign […]

The post Snake Keyloggers Abuse Java Utilities to Evade Security Tools appeared first on Cyber Security News.

Tushar Subhra Dutta

Akira

Dark Feed IO
1 month 2 weeks ago

You must login to view this content

cohenido

Qilin

Dark Feed IO
1 month 2 weeks ago

You must login to view this content

cohenido

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

The Hackers News
1 month 2 weeks ago
Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts. The vulnerability, tracked as CVE-2025-49596, carries a CVSS score of 9.4 out of a maximum of 10.0. "This is one
The Hacker News

Managed ad