Aggregator

A vulnerability was found in freescout up to 1.8.179 and classified as problematic. Affected by this issue is some unknown functionality of the component User Creation Handler. The manipulation of the argument fillable leads to enforcement of behavioral workflow. This vulnerability is handled as CVE-2025-48478. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in freescout up to 1.8.179 and classified as critical. Affected by this vulnerability is the function fill. The manipulation leads to enforcement of behavioral workflow. This vulnerability is known as CVE-2025-48477. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Lomkit laravel-rest-api up to 2.12.x. Affected is an unknown function. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-48490. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in freescout up to 1.8.179. This issue affects the function fill of the component Password Field Handler. The manipulation leads to enforcement of behavioral workflow. The identification of this vulnerability is CVE-2025-48476. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in gradio-app gradio up to 5.30.x. This vulnerability affects unknown code of the component Flagging Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2025-48889. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

2025年05月24 日 09:00-21:00，经过12个小时的激烈鏖战，第三届京麒 CTF 线上初赛圆满收官，一场精彩绝伦的网络安全竞技盛宴落下帷幕。本次初赛共有390支战队签到参赛，充分展现了网络安全爱好者们的高涨热情与积极态度。

ConnectWise, a leading provider of software solutions for managed service providers, disclosed today that it detected suspicious activity within its environment, believed to be orchestrated by a sophisticated nation-state actor. The breach, which impacted a small number of ScreenConnect customers, has prompted an immediate response from the company, including an investigation led by top cybersecurity […]

The post ConnectWise Hacked – Nation State Actors Compromised the Systems to Access Customer Data appeared first on Cyber Security News.

Пока одни просто болтали по телефону, другие шаг за шагом собирали маршруты их передвижения.

A vulnerability, which was classified as problematic, was found in Vembu StoreGrid 4.4.x. This affects an unknown part of the file interface/registercustomer/onlineregsuccess.php. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2014-10078. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

2024 年是第一个突破 1.5℃ 全球变暖阈值的单一年份。现在顶尖气候学家首次发出警告，到 2029 年全球升温可能首次超过 2℃。英国国家气象局的科学家每年都会利用世界各地研究机构的气候观测数据和模型，预测未来5年的全球气候。最新预测结果表明，到 2029 年，单一年份的平均温度可能比工业化前水平高出 2℃。根据为世界气象组织（WMO）编制的《全球年际至年代际气候更新》，未来 5 年中至少有一年突破相同阈值（1.5℃ ）的可能性为 86%。与此同时研究人员预测，2025-2029 年间，平均升温超过 1.5℃ 的可能性为 70%。单一年份全球升温超过 2℃ 的可能性仍然非常小，WMO/英国国家气象局的团队估计其概率为 1%。

As enterprises increasingly adopt multi-cloud architectures to optimize flexibility and avoid vendor lock-in, securing these distributed environments has become a critical priority. According to industry forecasts, over 70% of organizations will rely on multi-cloud or hybrid models by 2025. However, this shift has expanded attack surfaces, with misconfigurations, supply chain vulnerabilities, and identity management gaps posing […]

The post Securing Multi-Cloud Infrastructures in 2025 Enterprise Deployments appeared first on Cyber Security News.

A newly disclosed vulnerability, CVE-2025-46701, has been identified in Apache Tomcat’s CGI servlet, allowing attackers to bypass security constraints under specific conditions. The flaw, announced on May 29, 2025, is rooted in the improper handling of case sensitivity within the pathInfo component of URLs mapped to the CGI servlet. When Tomcat is deployed on a […]

The post Apache Tomcat CGI Servlet Flaw Enables Security Constraint Bypass appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic has been found in IBM Aspera Faspex up to 5.0.12. This affects an unknown part. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2025-33138. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in IBM Aspera Faspex up to 5.0.12. This vulnerability affects unknown code. The manipulation leads to modification of assumed-immutable data. This vulnerability was named CVE-2025-33136. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in IBM Aspera Faspex up to 5.0.12. This issue affects some unknown processing. The manipulation leads to client-side enforcement of server-side security. The identification of this vulnerability is CVE-2025-33137. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in wireapp wire-webapp 2025-05-14. It has been classified as problematic. This affects an unknown part. The manipulation leads to sensitive information in resource not removed before reuse. This vulnerability is uniquely identified as CVE-2025-48066. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intermesh groupoffice up to 6.8.118/25.0.19. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation of the argument Phone Number leads to cross site scripting. This vulnerability was named CVE-2025-48366. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Intermesh groupoffice up to 6.8.118/25.0.19. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-48368. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Infoblox NETMRI up to 7.6.0 and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. This vulnerability was named CVE-2024-52874. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intermesh groupoffice up to 6.8.118/25.0.19. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-48369. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.