Aggregator

已修复

目前尚无遭利用证据

当前环境出现异常问题，需完成验证操作后方可继续访问相关内容或功能。

当前环境出现异常，需完成验证后才能继续访问。

Introducing Akamai’s new product that blends proactive testing, expert analysis, and tailored optimization to help APIs stay reliable, responsive, and compliant.

A vulnerability classified as problematic has been found in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. This vulnerability is known as CVE-2025-10909. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A severe Stored Cross-Site Scripting (XSS) vulnerability in the Prompt module of the DNN Platform enables low-privilege attackers to inject and execute arbitrary scripts in the context of privileged users. Published as GHSA-2qxc-mf4x-wr29 by Daniel Valadas yesterday, this vulnerability affects all versions of the DotNetNuke.Core package prior to 10.1.0 and carries a CVSS v3.1 base […]

The post Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

网络安全保险的有效性依赖于企业的应急响应计划是否完善。关键在于事件发生后24小时内的行动，包括通知保险公司、联系法律顾问等。构建符合要求的计划需预先准备和演练，并将应急计划视为法律文件。

Submit #651379 / VDB-325696

2025年3月11日，一个普通的周二早晨，从奎达开往白沙瓦的杰弗快车正常驶入博兰山口。乘客们或许正在打盹，或

A vulnerability described as critical has been identified in WAGO Device Sphere and Solution Builder. The affected element is an unknown function. Such manipulation leads to missing authentication. This vulnerability is traded as CVE-2025-41715. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability marked as critical has been reported in WAGO Solution Builder up to 2.3.2. Impacted is an unknown function. This manipulation causes missing authentication. This vulnerability appears as CVE-2025-41716. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability labeled as problematic has been found in DivvyDrive Web. This issue affects some unknown processing. The manipulation results in observable timing discrepancy. This vulnerability is reported as CVE-2025-9031. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

A vulnerability identified as critical has been detected in Apache ZooKeeper up to 3.9.3. This vulnerability affects unknown code of the component AdminServer Interface. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is documented as CVE-2025-58457. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

Libraesva has issued an emergency patch for a significant command injection vulnerability in its Email Security Gateway (ESG) after confirming state-sponsored hackers exploited it. The flaw, identified as CVE-2025-59689, allowed attackers to execute arbitrary commands by sending a malicious email with a specially crafted compressed attachment. The company responded by deploying an automated fix to […]

The post Hackers Exploiting Libraesva Email Security Gateway Vulnerability to Inject Malicious Commands appeared first on Cyber Security News.

Learn why seamless security and trust by design are vital for digital platforms, driving growth, user loyalty, and long-term success online.

The post Trust by Design: Why Seamless Security Defines the Future of Digital Platforms appeared first on Security Boulevard.

The equipment could be used to disable cell phone towers and conduct denial-of-services attacks across New York City

US CISA revealed that threat actors exploited an unpatched vulnerability in GeoServer to breach a U.S. federal civilian agency’s network. Threat actors breached a U.S. federal agency via unpatched GeoServer flaw, tracked as CVE-2024-36401 (CVSS score of 9.8), which is a critical remote code execution (RCE) issue. In mid-July 2024, the U.S. Cybersecurity and Infrastructure […]

美国CISA披露威胁分子利用GeoServer漏洞CVE-2024-36401入侵联邦机构网络,导致远程代码执行。攻击者横向移动并部署恶意软件,利用公开工具和LOTL技术逃避检测。CISA强调及时修补漏洞和加强安全措施的重要性。

美国空军第16航空队寻求集成网络持续监控和定向防御