Aggregator

CVE-2025-8004 | Ashlar-Vellum Cobalt XE File Parser out-of-bounds (EUVD-2025-29784)

4 months 4 weeks ago

A vulnerability has been found in Ashlar-Vellum Cobalt and classified as critical. This vulnerability affects unknown code of the component XE File Parser. Performing manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2025-8004. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

CVE-2025-8006 | Ashlar-Vellum Cobalt XE File Parser out-of-bounds (EUVD-2025-29782)

Vuldb Updates

4 months 4 weeks ago

A vulnerability was found in Ashlar-Vellum Cobalt and classified as critical. This issue affects some unknown processing of the component XE File Parser. Executing manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2025-8006. The attack can be launched remotely. No exploit exists.

vuldb.com

CVE-2025-8001 | Ashlar-Vellum Cobalt CO File Parser memory corruption (EUVD-2025-29786)

Vuldb Updates

4 months 4 weeks ago

A vulnerability was found in Ashlar-Vellum Cobalt. It has been classified as critical. Impacted is an unknown function of the component CO File Parser. The manipulation leads to memory corruption. This vulnerability is listed as CVE-2025-8001. The attack may be initiated remotely. There is no available exploit.

vuldb.com

CVE-2025-8002 | Ashlar-Vellum Cobalt CO File Parser type confusion (EUVD-2025-29783)

Vuldb Updates

4 months 4 weeks ago

A vulnerability was found in Ashlar-Vellum Cobalt. It has been declared as critical. The affected element is an unknown function of the component CO File Parser. The manipulation results in type confusion. This vulnerability is cataloged as CVE-2025-8002. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2025-7993 | Ashlar-Vellum Cobalt LI File Parser use after free (EUVD-2025-29781)

Vuldb Updates

4 months 4 weeks ago

A vulnerability was found in Ashlar-Vellum Cobalt. It has been rated as critical. The impacted element is an unknown function of the component LI File Parser. This manipulation causes use after free. This vulnerability is registered as CVE-2025-7993. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2025-8005 | Ashlar-Vellum Cobalt XE File Parser type confusion (EUVD-2025-29785)

Vuldb Updates

4 months 4 weeks ago

A vulnerability identified as critical has been detected in Ashlar-Vellum Cobalt. This impacts an unknown function of the component XE File Parser. Performing manipulation results in type confusion. This vulnerability is reported as CVE-2025-8005. The attack is possible to be carried out remotely. No exploit exists.

vuldb.com

ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks

Bleeping Computer.

4 months 4 weeks ago

The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. [...]

Lawrence Abrams

Qilin

Dark Feed IO

4 months 4 weeks ago

You must login to view this content

cohenido

How NHIs Can Help You Relax About Security

Security Boulevard

4 months 4 weeks ago

Navigating the Landscape of Cybersecurity: Do NHIs Hold the Key? Are you searching for a stress-free solution to safeguard your organization’s data? Understanding the intricacies of Non-Human Identities (NHIs) and Secrets Security Management can offer immense value, providing a promising pathway to achieving NHI security relaxation. Understanding NHIs: The Unseen Protectors What lurks beneath often […]

The post How NHIs Can Help You Relax About Security appeared first on Entro.

The post How NHIs Can Help You Relax About Security appeared first on Security Boulevard.

Alison Mack

Getting Better Results from NHI Security

Security Boulevard

4 months 4 weeks ago

How Can We Achieve Better NHI Security? Cloud environment security is an integral part of cybersecurity strategies for businesses operating across financial services, healthcare, travel, and more. How can organizations unlock improved results and ensure robust Non-Human Identities (NHIs) security? A strategic approach to NHI management can bridge the gap between security and research & […]

The post Getting Better Results from NHI Security appeared first on Entro.

The post Getting Better Results from NHI Security appeared first on Security Boulevard.

Alison Mack

CVE-2024-32652 | honojs node-server up to 1.10.0 exceptional condition (ID 159)

Vuldb Updates

4 months 4 weeks ago

A vulnerability was found in honojs node-server up to 1.10.0. It has been declared as problematic. The affected element is an unknown function. Executing manipulation can lead to handling of exceptional conditions. This vulnerability is tracked as CVE-2024-32652. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-32869 | hono 1.3.0/1.4.0/3.11.7 serveStatic path traversal

Vuldb Updates

4 months 4 weeks ago

A vulnerability, which was classified as critical, has been found in hono 1.3.0/1.4.0/3.11.7. This issue affects the function serveStatic. The manipulation leads to path traversal. This vulnerability is referenced as CVE-2024-32869. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-58448 | rAthena PartyBooking WorldName sql injection (GHSA-x99j-36m7-4vv7)

Vuldb Updates

4 months 4 weeks ago

A vulnerability identified as critical has been detected in rAthena. Affected is an unknown function of the component PartyBooking. The manipulation of the argument WorldName leads to sql injection. This vulnerability is referenced as CVE-2025-58448. Remote exploitation of the attack is possible. No exploit is available. It is suggested to install a patch to address this issue.

vuldb.com

CVE-2025-58750 | rAthena chclif_parse_moveCharSlot memory corruption (GHSA-pjh7-jgr8-4ff6)

Vuldb Updates

4 months 4 weeks ago

A vulnerability labeled as critical has been found in rAthena. Affected by this vulnerability is the function chclif_parse_moveCharSlot. The manipulation results in memory corruption. This vulnerability is identified as CVE-2025-58750. The attack can be executed remotely. There is not any exploit available. A patch should be applied to remediate this issue.

vuldb.com

CVE-2025-43884 | Dell PowerProtect Data Manager 19.19/19.20 os command injection (dsa-2025-326 / EUVD-2025-27580)

Vuldb Updates

4 months 4 weeks ago

A vulnerability, which was classified as critical, has been found in Dell PowerProtect Data Manager 19.19/19.20. The affected element is an unknown function. This manipulation causes os command injection. This vulnerability is tracked as CVE-2025-43884. The attack is restricted to local execution. No exploit exists.

vuldb.com

CVE-2024-48913 | hono up to 4.6.4 Content-Type Header cross-site request forgery (GHSA-2234-fmw7-43wr)

Vuldb Updates

4 months 4 weeks ago

A vulnerability was found in hono up to 4.6.4. It has been declared as problematic. This vulnerability affects unknown code of the component Content-Type Header Handler. Executing manipulation can lead to cross-site request forgery. This vulnerability is handled as CVE-2024-48913. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com

MuddyWater Hackers Using Custom Malware With Multi-Stage Payloads and Uses Cloudflare to Mask Fingerprints

Cyber Security News

4 months 4 weeks ago

Since early 2025, cybersecurity teams have observed a marked resurgence in operations attributed to MuddyWater, an Iranian state–sponsored advanced persistent threat (APT) actor. Emerging initially through broad remote monitoring and management (RMM) exploits, the group has pivoted to highly targeted campaigns employing custom malware backdoors and multi-stage payloads designed to evade detection. Rather than relying […]

The post MuddyWater Hackers Using Custom Malware With Multi-Stage Payloads and Uses Cloudflare to Mask Fingerprints appeared first on Cyber Security News.

Tushar Subhra Dutta

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

Security Affairs

4 months 4 weeks ago

China-linked group APT41 impersonated a U.S. lawmaker in phishing attacks on government, think tanks, and academics tied to US-China trade and policy. Proofpoint observed China-linked cyber espionage group APT41 impersonating a U.S. lawmaker in a phishing campaign targeting government, think tanks, and academics tied to U.S.-China trade and policy. APT41, known also as Amoeba, BARIUM, […]

Pierluigi Paganini

Attack on SonicWall’s cloud portal exposes customers’ firewall configurations

CyberScoop

4 months 4 weeks ago

The company confirmed to CyberScoop that an unidentified cybercriminal accessed SonicWall’s customer portal through a series of brute-force attacks.

The post Attack on SonicWall’s cloud portal exposes customers’ firewall configurations appeared first on CyberScoop.

Matt Kapko

Zero Day Malware

Security Boulevard

4 months 4 weeks ago

Cybersecurity is a race against time. Every day, businesses face sophisticated threats designed to exploit the smallest vulnerabilities. Among the most dangerous of these are Zero Day Malware attacks — malicious software that targets unknown flaws before vendors or defenders even know they exist. Zero day malware represents the pinnacle of stealth and danger. Unlike

The post Zero Day Malware appeared first on Seceon Inc.

The post Zero Day Malware appeared first on Security Boulevard.

Pushpendra Mishra

Aggregator

Managed ad