Aggregator

A vulnerability marked as problematic has been reported in IBM Edge Application Manager 4.5. This impacts an unknown function. Performing manipulation results in incorrect permission assignment. This vulnerability is known as CVE-2025-1139. Attacking locally is a requirement. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in zhenfeng13 My-Blog 1.0.0 and classified as problematic. This affects an unknown part of the file /blog/comment of the component Frontend Blog Article Comment Handler. Performing manipulation results in authentication bypass by capture-replay. This vulnerability is identified as CVE-2025-9100. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/tags/save of the component Tag Handler. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2025-9101. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This impacts an unknown function of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. Such manipulation of the argument ObjectID leads to sql injection. This vulnerability is referenced as CVE-2025-8702. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetAreaTrendChartData of the component Environmental Real-Time Data Module. Performing manipulation of the argument energyId results in sql injection. This vulnerability is identified as CVE-2025-8703. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability described as critical has been identified in Helm up to 3.18.3. This affects an unknown function. The manipulation results in code injection. This vulnerability is reported as CVE-2025-53547. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability has been found in Check Point SmartConsole R81.10/R81.20/R82 and classified as problematic. Affected is an unknown function. This manipulation causes cleartext storage of sensitive information in memory. This vulnerability is handled as CVE-2024-24915. It is feasible to perform the attack on the physical device. There is not any exploit available.

A vulnerability identified as critical has been detected in Helm up to 3.17.2. The affected element is an unknown function of the component JSON Schema File Handler. Performing manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2025-32387. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Helm up to 3.17.2. The impacted element is an unknown function. Executing manipulation can lead to uncontrolled memory allocation. This vulnerability is registered as CVE-2025-32386. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

The Homeland Security Committee also voted out bills addressing pipeline cybersecurity and terrorists’ use of AI.

The post House panel approves cyber information sharing, grant legislation as expiration deadlines loom appeared first on CyberScoop.

Си Цзиньпин дарит Мадуро телефон, который уже давно под колпаком у американцев.

via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Archaeology Research’ appeared first on Security Boulevard.

Неужели машины стоят на пороге настоящего мышления?

The Alliance for Creativity and Entertainment (ACE) and Egyptian authorities have shut down Streameast, the world's largest illegal live sports streaming network, and arrested two people allegedly associated with the operation. [...]

腾讯发布了混元世界模型-Voyager（HunyuanWorld-Voyager），能基于单张输入图像生成具有世界一致性的3D点云，并支持用户按照自定义的相机路径进行沉浸式世界探索。HunyuanWorld-Voyager 使用了一个包含超过 10 万个视频片段的数据集进行训练，它包含两个关键组件：世界一致的视频扩散 和 长距离世界探索。腾讯发布了该模型的推理代码和模型权重。

Workiva, a leading cloud-based SaaS (Software as a Service) provider, notified its customers that attackers who gained access to a third-party customer relationship management (CRM) system stole some of their data. [...]

A vulnerability classified as problematic was found in OnionShare up to 2.4. This vulnerability affects unknown code of the component QT Image Parser. Executing manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2022-21688. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Grafana up to 7.3.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file api_jsonrpc.php. This manipulation causes source code. The identification of this vulnerability is CVE-2022-26148. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Moodle. The impacted element is an unknown function of the component H5P Library Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2022-2986. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in GLPI up to 10.0.3. It has been declared as critical. This issue affects some unknown processing of the component RSS Feed. Such manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2022-39276. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.