Aggregator

CVE-2025-9293 | TP-Link Tapo App certificate validation (CNNVD-202602-2315)

Vuldb Updates
3 months 2 weeks ago
A vulnerability labeled as critical has been found in TP-Link Tapo App, Kasa App, Omada App, Omada Guard, Tether App, Deco App, Aginet App, tpCamera App, WiFi Toolkit, Festa App, Wi-Fi Navi, KidShield, TP-Partner App and VIGI App. Affected by this issue is some unknown functionality. The manipulation results in improper certificate validation. This vulnerability is reported as CVE-2025-9293. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.
vuldb.com

CVE-2025-9292 | TP-Link Omada Cloud Controller cross-domain policy (CNNVD-202602-2316)

Vuldb Updates
3 months 2 weeks ago
A vulnerability was found in TP-Link Omada Cloud Controller. It has been classified as problematic. The impacted element is an unknown function. This manipulation causes permissive cross-domain policy with untrusted domains. This vulnerability is tracked as CVE-2025-9292. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2024-21961 | AMD EPYC 7002 Processors PCIe Link memory corruption (CNNVD-202602-2318)

Vuldb Updates
3 months 2 weeks ago
A vulnerability categorized as critical has been discovered in AMD EPYC 7002 Processors, Ryzen 5000 Mobile Processors with Radeon Graphics, Ryzen 7000 Desktop Processors, Ryzen 5000 Desktop Processors, Ryzen 3000 Desktop Processors, Ryzen Z1 Processors, Ryzen 7040 Mobile Processors with Radeon Graphics, Ryzen 8040 Mobile Processors with Radeon Graphics, Ryzen 8000 Desktop Processors, Ryzen 4000 Mobile Processors with Radeon Graphics, Ryzen 6000 Processors with Radeon Graphics, Ryzen 7020 Processors with Radeon Graphics, Ryzen 7045 Mobile Processors with Radeon Graphics, Ryzen 5000 Desktop Processors with Radeon Graphics, Ryzen 4000 Desktop Processors, Ryzen Z2 Processors, EPYC Embedded 7002 Processors, Ryzen Embedded 5000 Processors, Ryzen Embedded V2000 Processors, Ryzen Embedded V3000 Processors, Ryzen Embedded 8000 Processors and Ryzen Embedded 7000 Processors. Affected is an unknown function of the component PCIe Link. Executing a manipulation can lead to memory corruption. This vulnerability is registered as CVE-2024-21961. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2026-2878 | Progress Telerik UI for ASP.NET AJAX 2021.1.224/2025.1.416 File Content RadAsyncUpload entropy

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability was found in Progress Telerik UI for ASP.NET AJAX 2021.1.224/2025.1.416. It has been classified as problematic. This vulnerability affects the function RadAsyncUpload of the component File Content Handler. This manipulation causes insufficient entropy. The identification of this vulnerability is CVE-2026-2878. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-12543

CVE Trends
3 months 2 weeks ago
Currently trending CVE - Hype Score: 1 - A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are ...

CVE-2025-62518

CVE Trends
3 months 2 weeks ago
Currently trending CVE - Hype Score: 3 - astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When ...

CVE-2026-27692 | InternationalColorConsortium iccDEV up to 2.3.1.4 Release out-of-bounds

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability has been found in InternationalColorConsortium iccDEV up to 2.3.1.4 and classified as critical. Affected by this issue is the function CIccTagTextDescription::Release. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2026-27692. The attack is possible to be carried out remotely. No exploit exists. It is suggested to install a patch to address this issue.
vuldb.com

CVE-2026-27695 | zeroae zae-limiter up to 0.10.0 allocation of resources

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in zeroae zae-limiter up to 0.10.0. Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to allocation of resources. This vulnerability is handled as CVE-2026-27695. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

VECT

Dark Feed IO
3 months 2 weeks ago

You must login to view this content

cohenido

VECT

Dark Feed IO
3 months 2 weeks ago

You must login to view this content

cohenido

SLH Offers $500–$1,000 Per Call to Recruit Women for IT Help Desk Vishing Attacks

The Hackers News
3 months 2 weeks ago
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks. The idea is to hire them for voice phishing campaigns targeting IT help desks, Dataminr said in a new threat brief. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to
The Hacker News

Netskope NewEdge AI Fast Path reduces latency for enterprise AI workloads

Help Net Security
3 months 2 weeks ago

Netskope has announced NewEdge AI Fast Path, a set of capabilities designed to optimize network paths to critical AI destinations, including applications hosted in public, private, or neo-cloud environments. The offering reduces latency and costs, improves performance and resilience, and delivers a secure experience for teams using AI applications or enterprises adopting agentic AI. Eliminating the “security vs. speed” dilemma The gap between AI expectations and reality is widening, and a recent survey revealed that … More →

The post Netskope NewEdge AI Fast Path reduces latency for enterprise AI workloads appeared first on Help Net Security.

Industry News

Managed ad