Aggregator

A vulnerability has been found in Mattermost up to 9.11.13/10.5.4/10.6.3/10.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /api/v4/ldap/groups/{remote_id}/link of the component LDAP Search Filter. The manipulation of the argument objectGUID leads to ldap injection. This vulnerability is known as CVE-2025-4573. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Сначала был Tinder, потом крипта, а дальше — Багамы и прачечная.

Каждое приложение теперь живёт в своей мини-вселенной и стартует за долю секунды.

Apache CloudStack, a leading open-source cloud management platform, has announced the immediate availability of new Long-Term Support (LTS) releases—version 4.19.3.0 and 4.20.1.0—to address multiple critical security vulnerabilities. The advisory, published by PMC member Pearl Dsilva on June 10, 2025, highlights five distinct vulnerabilities, two of which are rated critical and pose significant risks to user […]

The post Apache CloudStack Flaw Allows Attackers to Execute Privileged Actions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

在面对软件和硬件产品漏洞激增的情况下，企业或团队需构建成熟的漏洞管理程序以应对网络威胁。

A vulnerability, which was classified as critical, was found in SIMCom SIM7600G Modem LE20B03SIM7600M21-A. Affected is an unknown function of the component AT Command Handler. The manipulation leads to backdoor. This vulnerability is traded as CVE-2025-26412. It is possible to launch the attack remotely. There is no exploit available.

SAML SSO: How It Works in 8 Simple Steps (2025) SAML SSO is one of the most popular ways to simplify and secure user login for businesses and applications. In this guide, we’ll explain what SAML SSO is, how it works step-by-step, and why many organizations prefer it for seamless Single Sign-On experiences. Remember that...

The post SAML SSO: 8 Easy Steps to Understand How It Works (2025 Guide) appeared first on Security Boulevard.

A vulnerability was found in Adobe Experience Manager up to 6.5.22. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-47005. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Experience Manager up to 6.5.22. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-46984. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Adobe Experience Manager up to 6.5.22. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-46988. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Experience Manager up to 6.5.22 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-46989. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

The products affected by the issues are part of the Salesforce OmniStudio suite, including FlexCards and Data Mappers

速修复

速修复

Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface," the U.S. Cybersecurity and Infrastructure

Если шифрование можно отключить одним человеком — это не шифрование, а иллюзия безопасности.

2025年6月11日（北京时间），微软发布了2025 年 6月安全更新，共发布了69个CVE的补丁程序，同比上月减少了13个。

流量检测智能体来了