Aggregator

CVE-2025-31478 | Zulip up to 10.1 Account Creation improper authentication

4 months ago

A vulnerability classified as critical has been found in Zulip up to 10.1. The affected element is an unknown function of the component Account Creation Handler. This manipulation causes improper authentication. This vulnerability is handled as CVE-2025-31478. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-47930 | Zulip up to 10.2 Channel Privacy authorization (GHSA-rqg7-xfqg-v7q5)

Vuldb Updates

4 months ago

A vulnerability was found in Zulip up to 10.2. It has been rated as problematic. This affects an unknown function of the component Channel Privacy Handler. Performing manipulation results in incorrect authorization. This vulnerability is identified as CVE-2025-47930. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-3755 | Mitsubishi Electric MELSEC iQ-F FX5U-32MT improper validation of specified index, position, or offset in input

Vuldb Updates

4 months ago

A vulnerability was found in Mitsubishi Electric MELSEC iQ-F FX5U-32MT, MELSEC iQ-F FX5U-32MR, MELSEC iQ-F FX5U-64MT, MELSEC iQ-F FX5U-64MR, MELSEC iQ-F FX5U-80MT, MELSEC iQ-F FX5U-80MR, MELSEC iQ-F FX5UC-32MT, D, MELSEC iQ-F FX5UC-64MT, MELSEC iQ-F FX5UC-96MT, DS-TS, DSS-TS, MELSEC iQ-F FX5UC-32MR, MELSEC iQ-F FX5UJ-24MT, MELSEC iQ-F FX5UJ-24MR, MELSEC iQ-F FX5UJ-40MT, MELSEC iQ-F FX5UJ-40MR, MELSEC iQ-F FX5UJ-60MT, MELSEC iQ-F FX5UJ-60MR, ES-A, MELSEC iQ-F FX5S-30MT, MELSEC iQ-F FX5S-30MR, MELSEC iQ-F FX5S-40MT, MELSEC iQ-F FX5S-40MR, MELSEC iQ-F FX5S-60MT, MELSEC iQ-F FX5S-60MR, MELSEC iQ-F FX5S-80MT and MELSEC iQ-F FX5S-80MR. It has been classified as very critical. This affects an unknown function. This manipulation causes improper validation of specified index, position, or offset in input. This vulnerability appears as CVE-2025-3755. The attack may be initiated remotely. There is no available exploit.

vuldb.com

CVE-2025-57800 | advplyr audiobookshelf up to 2.27.x Redirect Call unprotected transport of credentials (GHSA-vpc2-w73p-39px)

Vuldb Updates

4 months ago

A vulnerability identified as critical has been detected in advplyr audiobookshelf up to 2.27.x. This issue affects some unknown processing of the component Redirect Call Handler. This manipulation causes unprotected transport of credentials. This vulnerability is tracked as CVE-2025-57800. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

vuldb.com

CVE-2025-46411 | Biosig libbiosig 3.9.0 MFER Parser stack-based overflow (TALOS-2025-2236)

Vuldb Updates

4 months ago

A vulnerability described as critical has been identified in Biosig libbiosig 3.9.0. The impacted element is an unknown function of the component MFER Parser. Such manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-46411. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2025-48005 | Biosig libbiosig 3.9.0 RHS2000 Parser heap-based overflow (TALOS-2025-2240)

Vuldb Updates

4 months ago

A vulnerability classified as critical has been found in Biosig libbiosig 3.9.0. This affects an unknown function of the component RHS2000 Parser. Performing manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2025-48005. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2025-53511 | Biosig libbiosig 3.9.0 MFER Parser heap-based overflow (TALOS-2025-2237)

Vuldb Updates

4 months ago

A vulnerability, which was classified as critical, was found in Biosig libbiosig 3.9.0. Affected by this vulnerability is an unknown functionality of the component MFER Parser. The manipulation results in heap-based buffer overflow. This vulnerability was named CVE-2025-53511. The attack may be performed from a remote location. There is no available exploit.

vuldb.com

CVE-2025-52461 | Biosig libbiosig 3.9.0 Nex Parser out-of-bounds (TALOS-2025-2238)

Vuldb Updates

4 months ago

A vulnerability was found in Biosig libbiosig 3.9.0. It has been rated as problematic. Impacted is an unknown function of the component Nex Parser. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-52461. The attack may be initiated remotely. There is no available exploit.

vuldb.com

CVE-2025-54813 | Apache Log4cxx up to 1.4.x JSONLayout neutralization for logs

Vuldb Updates

4 months ago

A vulnerability categorized as problematic has been discovered in Apache Log4cxx up to 1.4.x. This vulnerability affects unknown code of the component JSONLayout. The manipulation results in improper output neutralization for logs. This vulnerability is identified as CVE-2025-54813. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-54812 | Apache Log4cxx up to 1.4.x HTMLLayout HTML injection

Vuldb Updates

4 months ago

A vulnerability, which was classified as problematic, has been found in Apache Log4cxx up to 1.4.x. This affects an unknown part of the component HTMLLayout. Performing manipulation results in HTML injection. This vulnerability is reported as CVE-2025-54812. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-26467 | Apache Cassandra 4.0.16 permission (EUVD-2025-25767)

Vuldb Updates

4 months ago

A vulnerability classified as critical was found in Apache Cassandra 4.0.16. Affected by this issue is some unknown functionality. Such manipulation leads to permission issues. This vulnerability is traded as CVE-2025-26467. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-52581 | Biosig libbiosig 3.9.0 GDF Parser integer overflow (TALOS-2025-2233 / EUVD-2025-25668)

Vuldb Updates

4 months ago

A vulnerability, which was classified as critical, has been found in Biosig libbiosig 3.9.0. Affected is an unknown function of the component GDF Parser. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2025-52581. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

CVE-2025-48443 | Trend Micro Password Manager link following (EUVD-2025-18565)

Vuldb Updates

4 months ago

A vulnerability, which was classified as critical, was found in Trend Micro Password Manager. This vulnerability affects unknown code. Executing manipulation can lead to link following. This vulnerability is registered as CVE-2025-48443. The attack needs to be launched locally. No exploit is available. You should upgrade the affected component.

vuldb.com

CVE-2025-47933 | argocd Argo CD Repository Page cross site scripting (Nessus ID 237422)

Vuldb Updates

4 months ago

A vulnerability marked as problematic has been reported in argocd. This vulnerability affects unknown code of the component Argo CD Repository Page. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-47933. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

vuldb.com

New Cephalus Ransomware Leverages Remote Desktop Protocol to Gain Initial Access

Cyber Security News

4 months ago

A newly identified ransomware strain named Cephalus has emerged as a sophisticated threat, targeting organizations through compromised Remote Desktop Protocol (RDP) connections. The malware, which takes its name from Greek mythology referencing the son of Hermes who tragically killed his wife with an infallible javelin, represents a concerning evolution in ransomware deployment techniques. Cephalus distinguishes […]

The post New Cephalus Ransomware Leverages Remote Desktop Protocol to Gain Initial Access appeared first on Cyber Security News.

Tushar Subhra Dutta

IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform

4 months ago

A critical vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi) allows authenticated administrators to inject persistent JavaScript code, leading to session hijacking, unauthorized actions, or internal network pivoting. Tracked as CVE-2025-50975, this stored cross-site scripting (XSS) flaw poses significant risk in environments where multiple administrators share firewall management duties. Details of the Flaw The vulnerability […]

The post IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya