Aggregator

A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The identification of this vulnerability is CVE-2025-4733. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in erxes up to 1.6.1. This affects an unknown part of the file /read-file. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-57186. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in erxes up to 1.6.1 and classified as critical. This issue affects the function importHistoriesCreate of the component GraphQL Mutation Handler. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-57189. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Admin Audit Trail up to 1.0.4 on Drupal and classified as problematic. This vulnerability affects unknown code. The manipulation leads to allocation of resources. This vulnerability was named CVE-2025-48448. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in haxtheweb haxcms up to 11.0.2 and classified as critical. Affected by this issue is the function gitImportSite of the component HTTP Request Handler. The manipulation of the argument proc_open leads to os command injection. This vulnerability is handled as CVE-2025-49141. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in CyberData 011209 SIP Emergency Intercom. Affected by this issue is some unknown functionality. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-26468. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in haxtheweb haxcms up to 10.0.6. It has been classified as problematic. This affects an unknown part of the component iFrame Handler. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is uniquely identified as CVE-2025-49139. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netgear EX3700 up to 1.0.0.88. It has been classified as critical. Affected is the function sub_41619C of the file /mtd. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-5934. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. This vulnerability is handled as CVE-2025-4730. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type/ip_subnet leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-4731. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to command injection. This vulnerability is known as CVE-2025-4729. The attack can be launched remotely. Furthermore, there is an exploit available.

The largest distributed denial-of-service (DDoS) attack ever documented was successfully stopped by Cloudflare in mid-May 2025, with attackers unleashing a devastating 7.3 terabits per second (Tbps) attack that delivered 37.4 terabytes of malicious traffic in just 45 seconds.  This unprecedented cyberattack targeted a hosting provider customer using Cloudflare’s Magic Transit service and represents a 12% […]

The post Record Breaking 7.3 Tbps DDoS Attack Blasting 37.4 Terabytes in Just 45 Seconds appeared first on Cyber Security News.

In deze tijd van oorlogsdreiging en razendsnelle geopolitieke ontwikkelingen is de NAVO-top belangrijker dan ooit. Dat belang maakt de top niet alleen interessant voor bezoekers en de media, maar ook voor mensen, groepen of landen die kwaad in de zin hebben. Zij kunnen een bedreiging vormen voor de top en zijn gasten.

Self-service password resets (SSPR) reduce helpdesk strain—but without strong security, they can open the door to attackers. Learn why phishing-resistant MFA, context-aware verification, and risk-based detection are critical to secure SSPR implementation. [...]

In an era where cyber threats are becoming increasingly sophisticated and quantum computing looms on the horizon, traditional digital security measures must evolve. One of the most critical technologies in software trust and distribution—code signing—is undergoing a significant transformation. CodeSign Secure v3.02 is the next evolution in this domain, bringing post-quantum cryptography (PQC) to the […]

The post CodeSign Secure v3.02: Future of Code Signing with PQC appeared first on Cyber Security News.

Securing the no-code supply chain isn't just about mitigating risks — it's about enabling the business to innovate with confidence.

A vulnerability was found in COROS PACE 3 up to 3.0808.0. It has been classified as problematic. Affected is an unknown function of the component BLE Message Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-48706. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in COROS up to 3.0808.0 and classified as problematic. This issue affects some unknown processing of the component BLE Message Handler. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-48705. The attack needs to be done within the local network. There is no exploit available.

A vulnerability has been found in COROS PACE 3 up to 3.0808.0 and classified as problematic. This vulnerability affects unknown code of the component TLS Handshake Handler. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2025-32878. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in COROS PACE 3 up to 3.0808.0. This affects an unknown part of the component BLE Service. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-32879. The attack can only be done within the local network. There is no exploit available.