Aggregator

A vulnerability, which was classified as problematic, was found in net-html up to 0.37.x on Go. This affects the function Parse of the component Tokenizer. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-22872. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide. The flaw, which enables NTLM hash disclosure through spoofing, allows attackers to harvest sensitive user credentials with minimal interaction, potentially leading to privilege escalation and full network compromise. Despite Microsoft releasing a […]

The post Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Siemens TeleControl Server Basic 3.1.2.1. Affected by this issue is the function UpdateProjectCrossCommunications. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-32828. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Siemens TeleControl Server Basic 3.1.2.1. Affected by this vulnerability is the function ActivateProject. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-32827. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Siemens TeleControl Server Basic 3.1.2.1. Affected is the function GetActiveProjects. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-32826. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens TeleControl Server Basic 3.1.2.1. It has been rated as critical. This issue affects the function GetProjects. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-32825. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens TeleControl Server Basic 3.1.2.1. It has been declared as critical. This vulnerability affects the function UnlockProject. The manipulation leads to sql injection. This vulnerability was named CVE-2025-32824. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens TeleControl Server Basic 3.1.2.1. It has been classified as critical. This affects the function LockProject. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-32823. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens TeleControl Server Basic 3.1.2.1 and classified as critical. Affected by this issue is the function DeleteProject. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-32822. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Siemens TeleControl Server Basic 3.1.2.1 and classified as critical. Affected by this vulnerability is the function UpdateProject. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-32475. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Siemens TeleControl Server Basic 3.1.2.1. Affected is the function UpdateOpcSettings. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-31353. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Siemens TeleControl Server Basic 3.1.2.1. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-31352. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Critical Windows Task Scheduler involving schtasks.exe binary, which could enable malicious actors to execute commands with SYSTEM-level privileges, bypassing User Account Control (UAC) prompts and erasing audit logs. These flaws significantly elevate the threat landscape for Windows environments, posing risks of privilege escalation, stealthy system manipulation, and data exfiltration. At the heart of the issue […]

The post New Windows Task Scheduler Vulnerabilities Allows Command Execution as Admin User appeared first on Cyber Security News.

A vulnerability was found in QuickJS. It has been classified as problematic. Affected is the function build_for_in_iterator. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-48183. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in QuickJS 3b45d15 and classified as critical. Affected by this vulnerability is the function JS_FreeRuntime of the file quickjs.c. The manipulation leads to reachable assertion. This vulnerability is known as CVE-2024-33263. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Theora up to 1.0 7180717. Affected is the function oc_huff_tree_unpack of the file huffdec.c of the component libtheora. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2024-56431. Access to the local network is required for this attack. There is no exploit available.