Aggregator

CVE-2025-5870 | TRENDnet TV-IP121W 1.1.1 Build 36 Web Interface /admin/setup.cgi improper authentication (EUVD-2025-17444)

Vuldb Updates
2 months 1 week ago
A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component Web Interface. The manipulation leads to improper authentication. This vulnerability is known as CVE-2025-5870. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2013-5701 | Watchguard Server Center 11.7.4 Path wlcollector.exe access control (EDB-38752 / ID 121446)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Watchguard Server Center 11.7.4. It has been classified as critical. This affects an unknown part in the library wgpr.dll of the file wlcollector.exe of the component Path Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2013-5701. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2017-7018 | Apple iCloud up to 6.2.1 on Windows WebKit memory corruption (HT207927 / EDB-42373)

Vuldb Updates
2 months 1 week ago
A vulnerability classified as critical was found in Apple iCloud up to 6.2.1 on Windows. This vulnerability affects unknown code of the component WebKit. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-7018. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

雷神众测漏洞周报2025.6.3-2025.6.8

雷神众测
2 months 1 week ago
雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章,必须保证此文章的副本,包括版权声明等全部内容。声明雷神众测允许,不得任意修改或增减此文章内容,不得以任何方式将其用于商业目的。

安全阻碍了企业拥抱 AI

Solidot
2 months 1 week ago
企业采用 AI 的比例只有 10%。Chatterbox Labs CEO Danny Coleman 和 CTO Stuart Battersby 认为一个重要原因是安全性。Colema 说,麦肯锡称 AI 是一个价值 4 万亿美元的市场,但如果你不断推出不仅安全性未知,而且企业或社会影响都未知的产品,你如何推动市场发展?AI 的兴趣和投资在增长,但普及却相对缓慢。Battersby 说,不要轻信大模型供应商的花言巧语,因为他们总是会说模型是无比安全的。传统的网络安全和 AI 安全在相互碰撞,而大多数信息安全团队尚未跟上发展。

Critical SOQL Injection 0-Day Vulnerability in Salesforce Affects Millions Worldwide

Cyber Security News
2 months 1 week ago

A critical zero-day vulnerability discovered in Salesforce‘s default controller has exposed millions of user records across thousands of deployments worldwide.  The security flaw, found in the built-in aura://CsvDataImportResourceFamilyController/ACTION$getCsvAutoMap controller, allowed attackers to extract sensitive user information and document details through SOQL injection techniques. SOQL Injection 0-Day Vulnerability The vulnerability was discovered while conducting automated fuzzing […]

The post Critical SOQL Injection 0-Day Vulnerability in Salesforce Affects Millions Worldwide appeared first on Cyber Security News.

Guru Baran

CNVD漏洞周报2025年第21期

CNVD漏洞平台
2 months 1 week ago
国家信息安全漏洞共享平台(以下简称CNVD)本周共收集、整理信息安全漏洞488个,其中高危漏洞219个、中危漏洞240个、低危漏洞29个。

CVE-2017-7018 | Apple Safari up to 10.1.1 WebKit memory corruption (HT207921 / EDB-42373)

Vuldb Updates
2 months 1 week ago
A vulnerability, which was classified as critical, was found in Apple Safari up to 10.1.1. This affects an unknown part of the component WebKit. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-7018. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2007-1243 | Audins Audiens 3.3 unistall.php cnf=disinstalla Remote Code Execution (EDB-29676 / XFDB-32707)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Audins Audiens 3.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file unistall.php. The manipulation of the argument cnf=disinstalla leads to Remote Code Execution. This vulnerability is known as CVE-2007-1243. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad