Aggregator

CVE-2025-48527 | Google Android 13/14/15/16 information disclosure (WID-SEC-2025-1944)

Vuldb Updates
3 months 1 week ago
A vulnerability classified as problematic was found in Google Android 13/14/15/16. The impacted element is an unknown function. Performing manipulation results in information disclosure. This vulnerability is cataloged as CVE-2025-48527. The attack must be initiated from a local position. There is no exploit available. To fix this issue, it is recommended to deploy a patch.
vuldb.com

CVE-2025-48529 | Google Android 13/14/15/16 VoicemailNotificationSettingsUtil.java setRingtoneUri information disclosure (WID-SEC-2025-1944)

Vuldb Updates
3 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Google Android 13/14/15/16. This affects the function setRingtoneUri of the file VoicemailNotificationSettingsUtil.java. Executing manipulation can lead to information disclosure. This vulnerability is registered as CVE-2025-48529. The attack needs to be launched locally. No exploit is available. It is advisable to implement a patch to correct this issue.
vuldb.com

CVE-2025-48526 | Google Android 13/14/15/16 ChooserActivity.java createMultiProfilePagerAdapter privileges assignment (EUVD-2025-26824 / WID-SEC-2025-1944)

Vuldb Updates
3 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Google Android 13/14/15/16. This vulnerability affects the function createMultiProfilePagerAdapter of the file ChooserActivity.java. This manipulation causes incorrect privilege assignment. The identification of this vulnerability is CVE-2025-48526. The attack can only be executed locally. There is no exploit available. To fix this issue, it is recommended to deploy a patch.
vuldb.com

CVE-2025-48524 | Google Android 13/14/15/16 WifiPermissionsUtil.java isSystem denial of service (WID-SEC-2025-1944)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in Google Android 13/14/15/16. It has been classified as problematic. Impacted is the function isSystem of the file WifiPermissionsUtil.java. Executing manipulation can lead to denial of service. This vulnerability is registered as CVE-2025-48524. The attack needs to be launched locally. No exploit is available. A patch should be applied to remediate this issue.
vuldb.com

CVE-2025-8860 | QEMU uefi var-service-core.c uefi_vars_write information disclosure (Nessus ID 259891 / WID-SEC-2025-1763)

Vuldb Updates
3 months 1 week ago
A vulnerability, which was classified as problematic, has been found in QEMU. Affected is the function uefi_vars_write of the file hw/uefi/var-service-core.c of the component uefi. Performing manipulation results in information disclosure. This vulnerability was named CVE-2025-8860. The attack needs to be approached within the local network. There is no available exploit. To fix this issue, it is recommended to deploy a patch.
vuldb.com

CVE-2025-36100 | IBM MQ up to 9.4.3.0 CD Client Configuration password in configuration file (WID-SEC-2025-1980)

Vuldb Updates
3 months 1 week ago
A vulnerability was found in IBM MQ up to 9.4.3.0 CD. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Client Configuration Handler. The manipulation results in password in configuration file. This vulnerability is identified as CVE-2025-36100. The attack is only possible with local access. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-36100 | IBM MQ up to 9.4.3.0 CD Client Configuration password in configuration file (EUVD-2025-27092 / Nessus ID 261408)

VulDB Recent Entries
3 months 1 week ago
A vulnerability categorized as problematic has been discovered in IBM MQ up to 9.4.3.0 CD. Affected by this issue is some unknown functionality of the component Client Configuration Handler. The manipulation results in password in configuration file. This vulnerability is identified as CVE-2025-36100. The attack is only possible with local access. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

Weekly Update 468

Troy Hunt
3 months 1 week ago

I only just realised, as I prepared this accompanying blog post, that I didn't talk about one of the points in the overview: food. One of my fondest memories as a child living in Singapore and now as an adult visiting there is the food. It's

Troy Hunt

Weekly Update 468

不安全
3 months 1 week ago
文章回忆了作者在新加坡的生活与旅行经历,特别提到当地美食的多样性与美味,从小贩中心的小吃到贵价的辣椒螃蟹,展现了食物为旅行带来的独特乐趣。

Week in review: Several companies affected by the Salesloft Drift breach, Sitecore 0-day vulnerability

Help Net Security
3 months 1 week ago

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances were accessed. Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) A … More →

The post Week in review: Several companies affected by the Salesloft Drift breach, Sitecore 0-day vulnerability appeared first on Help Net Security.

Help Net Security

Managed ad