Aggregator

A vulnerability, which was classified as critical, has been found in team-alembic ash_authentication up to 4.4.8. Affected by this issue is some unknown functionality. The manipulation leads to improper privilege management. This vulnerability is listed as CVE-2025-25202. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. This vulnerability is known as CVE-2025-9523. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in CGM CLININET up to 2024.MS3. Affected by this vulnerability is the function getPatientIdentifier of the file PatientService.pl. The manipulation of the argument pesel leads to sql injection. This vulnerability is listed as CVE-2025-30058. The attack must be carried out from within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability described as critical has been identified in CGM CLININET up to 2025.MS1. Affected by this issue is the function decodeParam. The manipulation of the argument ex:action results in backdoor. This vulnerability is cataloged as CVE-2025-30064. The attack must be initiated from a local position. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in CGM CLININET up to 2024.MS3. This affects an unknown part of the file utils/Reporter/OpenReportWindow.pl. This manipulation of the argument UserID causes sql injection. This vulnerability is registered as CVE-2025-30061. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in CGM CLININET up to 2024.MS3. This vulnerability affects unknown code of the component Configuration File Handler. Such manipulation leads to incorrect permission assignment. This vulnerability is documented as CVE-2025-30063. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in CGM CLININET up to 2024.MS3. Impacted is the function getPerfServiceIds of the file PrepareCDExportJSON.pl. Executing manipulation can lead to sql injection. This vulnerability appears as CVE-2025-30059. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in CGM CLININET up to 2024.MS3 and classified as critical. The affected element is the function getUserInfo of the file ReturnUserUnitsXML.pl. The manipulation of the argument UserID leads to sql injection. This vulnerability is traded as CVE-2025-30060. Access to the local network is required for this attack to succeed. There is no exploit available. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Zulip up to 10.3. Impacted is an unknown function of the file /digest/ of the component Topic Name Handler/Channel Name Handler. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-52559. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

图片：该基地是朝鲜从未宣布的多达20个导弹设施之一。（图片来源：战略与国际研究中心/Beyond Paral

Microsoft устала гонять ключи по сети и встроила по замку в каждый сервер.

Learn about the top external network risks and recommendations to harden configurations from the CIS Cyber Threat Intelligence team.

Learn about the top external network risks and recommendations to harden configurations from the CIS Cyber Threat Intelligence team.

本文提出了一种新的目标导向生成式提示注入攻击 (G2PIA) 方法。

Spotify today rolled out a native direct messaging feature, Messages, for both Free and Premium users aged 16+ in select markets on mobile.  This long-awaited addition creates a dedicated in-app space to share tracks, podcasts, and audiobooks, supercharging word-of-mouth recommendations. However, security researchers warn that the new chat API could introduce attack vectors if not […]

The post Spotify Launches Direct Message Feature for Music Sharing, What are the Risks Associated? appeared first on Cyber Security News.

The Healthcare Services Group (HSGI) is alerting more than 600,000 individuals that their personal information was exposed in a security breach last year. [...]

Researchers raise the alarm that a new, rapidly evolving ransomware strain uses an OpenAI model to render and execute malicious code in real time, ushering in a new era of cyberattacks against enterprises.

Failure to comply with consumer data access and deletion requests highlights the urgent need for standardized verification processes and stronger enforcement mechanisms to protect consumer privacy.

NVIDIA released a security bulletin for NVIDIA® NeMo Curator addressing a high-severity vulnerability (CVE-2025-23307) that affects all prior versions of the Curator software. The flaw, rooted in improper handling of user-supplied files, allows a maliciously crafted file to be processed by NeMo Curator, leading to code injection and arbitrary code execution. Successful exploitation can result […]

The post NVIDIA NeMo AI Curator Vulnerability Allows Code Execution and Privilege Escalation appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.