Aggregator

A vulnerability was found in SolidState. It has been rated as critical. Affected by this issue is some unknown functionality of the file BrowseAccountsPage.class.php. The manipulation of the argument base_path leads to improper privilege management. This vulnerability is handled as CVE-2006-5020. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in SolidState. This affects an unknown part of the file ConfigureNewUserPage.class.php. The manipulation of the argument base_path leads to improper privilege management. This vulnerability is uniquely identified as CVE-2006-5020. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in SolidState. This vulnerability affects unknown code of the file ConfigureNewUserReceiptPage.class.php. The manipulation of the argument base_path leads to improper privilege management. This vulnerability was named CVE-2006-5020. The attack can be initiated remotely. Furthermore, there is an exploit available.

A critical flaw in Apache mod_auth_openidc (versions ≤2.4.16.10) allows unauthenticated attackers to bypass authentication and access protected resources. The bug, CVE-2025-31492, patched in version 2.4.16.11, affects systems using OIDCProviderAuthRequestMethod POST without an application-level gateway or load balancer. Technical Breakdown The vulnerability stems from improper handling of authentication requests when the POST method is configured. Under specific conditions: Attackers triggering a request […]

The post Apache mod_auth_openidc Flaw Lets Unauthenticated Users Access Protected Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Xpdf up to 4.05 and classified as critical. Affected by this issue is some unknown functionality of the component Object Stream Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-3247. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Xpdf up to 4.05. It has been declared as critical. This vulnerability affects unknown code of the component Attachment Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-3248. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Google Chrome and classified as critical. This issue affects some unknown processing of the component V8. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2024-3156. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Lime Survey Community Edition 5.3.32+220817. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component General Setting. The manipulation of the argument Administrator email address leads to cross site scripting. This vulnerability is known as CVE-2024-24506. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in WooCommerce Cart Abandonment Recovery Plugin up to 1.2.26 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Email Template Handler. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-2322. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Bookmarks. The manipulation leads to use after free. This vulnerability is known as CVE-2024-3158. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as problematic. Affected is an unknown function of the component V8. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2024-3159. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in AYS Pro Plugins Survey Maker Plugin up to 3.6.3 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2023-34423. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. "The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in

CVE-2025-24813 Tomcat 最新 RCE 分析复现

The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that signal its evolution toward future-ready cryptography. This feature release includes support for post-quantum cryptography (PQC), server-side QUIC, and tighter control over TLS behavior. Default behaviors reworked OpenSSL 3.5.0 makes several potentially incompatible changes to default settings. Notably, the default encryption cipher for the req, cms, and smime command-line utilities has changed from the aging … More →

The post OpenSSL prepares for a quantum future with 3.5.0 release appeared first on Help Net Security.

Index Engines announced CyberSense 8.10, fully integrated with Dell PowerProtect Cyber Recovery, which provides new capabilities to enhance cyber resilience and streamline recovery from ransomware attacks. CyberSense’s highly-trained AI ensures data integrity, empowering organizations to detect corruption from cyber threats and recover with confidence. With more than 1,500 global installations, CyberSense continues to lead the industry in ransomware detection. “As ransomware attacks continue to rise, organizations must ensure they have data integrity to enable fast … More →

The post Index Engines CyberSense 8.10 strengthens AI-driven cyber resilience appeared first on Help Net Security.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2025-30406 (CVSS score: 9.0), concerns a case of a hard-coded cryptographic key that could be abused to achieve remote

PCI DSS 4.0 compliance raises the regulatory bar with stricter authentication, continuous monitoring and tighter third-party oversight.

The post PCI DSS 4.0: Time to Pay Up, Securely  appeared first on Security Boulevard.

FT 报道，美国最近几周吊销了逾 500 名外国学生的签证。从事国际教育和交流的大学和个人组成的网络 Nafsa 通过汇总全美高等教育机构的报告，已经发现了 500 起撤销签证的事件。“在许多层面上，这是一个未知领域，”Nafsa 的首席执行官 Fanta Aw 说。“这达到了前所未有的程度，这很令人担忧，因为缺乏清晰性正在引发焦虑。”吊销签证事件通常是在联邦移民记录更新后学校才发现，受影响的包括在校学生和应届毕业生。这些事件中最引人瞩目的一起是土耳其博士生 Rumeysa Ozturk 在街上被联邦特工拘留。已有学生提起诉讼，指控他们的签证未经正当程序被吊销。

A vulnerability was found in Microsoft Office. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-29792. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.