Aggregator

A vulnerability has been found in Apple tvOS and classified as critical. This vulnerability affects unknown code of the component Web Handler. The manipulation leads to memory corruption. This vulnerability was named CVE-2024-54534. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple visionOS and classified as critical. This issue affects some unknown processing of the component Web Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2024-54534. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Wireshark up to 3.6.22/4.0.14/4.2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component TLV dissector. The manipulation leads to infinite loop. This vulnerability is handled as CVE-2024-4854. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has warned organizations worldwide that threat actors are ramping up their exploitation of critical vulnerabilities in on-premises Exchange Server and SharePoint Server. These attacks, observed in recent months, have enabled cybercriminals to gain persistent and privileged access to targeted environments, leading to remote code execution, lateral movement, and the exfiltration of sensitive data. While […]

The post Hackers Actively Exploiting Critical Exchange & SharePoint Server Vulnerabilities appeared first on Cyber Security News.

恶意软件自动化分析沙箱平台

With highly sensitive information and disruptions to medical care at stake during cyberattacks on healthcare organizations, it's vital for these entities to carefully consider details of their communications plans well in advance of suffering a serious incident, said Tom Bolitho of FTI Consulting.

DOGE Staffers Allegedly Violated Federal Cyber Best Practices and Data Privacy Laws
A whistleblower complaint made public this week provides the most in-depth look yet at the Department of Government Efficiency's many alleged cybersecurity failures, from violating federal best practices to seemingly ignoring data security laws in an apparent bid to shrink the government.

EVP Muhi Majzoub Outlines Integration of TDR, Generative AI Across Core Platforms
OpenText is embedding threat detection, identity protection and generative AI across its cloud and on-premises platforms. EVP Muhi Majzoub says the threat detection and response system will integrate with Microsoft Defender, CrowdStrike and others to identify anomalies and stop attacks in real time.

b3acon is a mail based C2 that uses an in-memory, dynamically compiled C# IMAP client via PowerShell. It communicates entirely through standard email protocols, fetching commands from email drafts and sending execution results to the...

The post b3acon: In-Memory C# IMAP C2 over Email appeared first on Penetration Testing Tools.

A vulnerability was found in Apple macOS. It has been rated as problematic. Affected by this issue is some unknown functionality of the component User Interface. The manipulation leads to clickjacking. This vulnerability is handled as CVE-2023-42843. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Beaver Builder Plugin up to 2.7.4.2 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-1038. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Beaver Builder Plugin up to 2.7.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-0897. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Beaver Builder Plugin up to 2.7.4.2 on WordPress. Affected by this issue is some unknown functionality of the component Icon Widget. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-0871. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Liferay Portal and DXP. This vulnerability affects unknown code of the component Document Handler. The manipulation of the argument Title leads to cross site scripting. This vulnerability was named CVE-2023-47795. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Elementor Addon Elements Plugin up to 1.12.12 on WordPress. Affected is an unknown function of the component Content Switcher Widget. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-1393. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in IBM InfoSphere Information Server 11.7. This affects an unknown part of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2023-33843. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Webex Teams. It has been rated as critical. Affected by this issue is some unknown functionality of the component URL Parser. The manipulation leads to inclusion of functionality from untrusted control sphere. This vulnerability is handled as CVE-2025-20236. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Autodesk Revit 9.0.7/2023.1.4/2024/2024.2.1/2025. This affects an unknown part of the component RCS File Handler. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-1274. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Autodesk Revit 9.0.7/2023.1.4/2024/2024.2.1/2025. It has been rated as critical. Affected by this issue is some unknown functionality of the component PDF File Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-1656. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in VMware Workstation and Player up to 9.0.3 on Windows. Affected is an unknown function of the component JPEG2000 Image Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2016-7084. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.