Aggregator

CVE-2025-48962 | Acronis Cyber Protect 16 up to 39937 server-side request forgery (EUVD-2025-16876)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability has been found in Acronis Cyber Protect 16 up to 39937 and classified as critical. This vulnerability affects unknown code. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2025-48962. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

New Firefox Feature Automatically Detects Malicious Extensions by Behavior

Cyber Security News
6 months 3 weeks ago

A sophisticated new security feature has been released by Firefox designed to automatically identify and neutralize malicious browser extensions before they can compromise user data. The implementation comes as crypto wallet scams continue to surge globally, with the FBI reporting $16.6 billion in cryptocurrency-related fraud losses in 2024 alone.  Mozilla’s Add-ons Operations team has developed […]

The post New Firefox Feature Automatically Detects Malicious Extensions by Behavior appeared first on Cyber Security News.

Guru Baran

CVE-2025-5685 | Tenda CH22 1.0.0.1 /goform/Natlimit formNatlimit page stack-based overflow

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Tenda CH22 1.0.0.1. This affects the function formNatlimit of the file /goform/Natlimit. The manipulation of the argument page leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-5685. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-1701 | MIM Admin Service up to 7.2.12/7.3.7/7.4.2 RMI Interface input validation (EUVD-2025-16870)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in MIM Admin Service up to 7.2.12/7.3.7/7.4.2. Affected by this issue is some unknown functionality of the component RMI Interface. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2025-1701. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Release Notes: TAXII Support for TI Feeds, New Sandbox Onboarding, and 900+ Detection Rules 

Anyrun
6 months 3 weeks ago

We’ve packed May with updates to make your experience smoother and your threat detection even sharper. Whether you’re just getting started or knee-deep in malware every day, these changes are here to save you time and give you better insights.  In this update:  Take a look below to see how these updates can help you […]

The post Release Notes: TAXII Support for TI Feeds, New Sandbox Onboarding, and 900+ Detection Rules  appeared first on ANY.RUN's Cybersecurity Blog.

ANY.RUN

特朗普政府的 2026 年预算将为商业火星探索拨款逾 10 亿美元

Solidot
6 months 3 weeks ago
特朗普政府的 2026 年预算提案将为私营部门领导的商业火星探索拨款逾 10 亿美元,与此同时 NASA 的预算则被削减了四分之一。NASA 的科研项目预计将面临重创,此外特朗普政府收回了任命亿万富翁 Jared Isaacman 为 NASA 局长的提议,一个原因可能与马斯克(Elon Musk)退出特朗普的核心圈子有关,Jared Isaacman 是马斯克青睐的人选,曾搭乘 SpaceX 的飞船多次飞到地球轨道。另一个原因据 NYT 报道称,Isaacman 曾向民主党捐款,招致特朗普的不满。

HPE fixed multiple flaws in its StoreOnce software

Security Affairs
6 months 3 weeks ago
Hewlett Packard Enterprise (HPE) addressed multiple flaws in its StoreOnce data backup and deduplication solution. HPE has released security patches for eight vulnerabilities in its StoreOnce backup solution. These issues could allow remote code execution, authentication bypass, data leaks, and more. “Potential security vulnerabilities have been identified in HPE StoreOnce Software.” reads the advisory. “These […]
Pierluigi Paganini

Nederland en Tsjechië versterken samenwerking op defensie-industrie

Defensie.nl - Nieuwsberichten
6 months 3 weeks ago
“We moeten volop blijven inzetten op het versterken van onze krijgsmacht en defensie-industrie. Alleen zo schrikken we vijanden af en kunnen we Oekraïne onverminderd blijven steunen.” Dit benadrukte minister Ruben Brekelmans vandaag in Tsjechië. Hij sloot aan bij het Nederlandse staatsbezoek daar. ‘En marge’ daarvan was hij bij de ondertekening van een overeenkomst tussen de defensie-industrieën van beide landen.

CVE-2025-5680 | Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0 Groovy Script SysScriptController.java executeScript script deserialization (ICAPT5)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability classified as critical was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected by this vulnerability is the function executeScript of the file /src/main/java/com/dstz/sys/rest/controller/SysScriptController.java of the component Groovy Script Handler. The manipulation of the argument script leads to deserialization. This vulnerability is known as CVE-2025-5680. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5679 | Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0 SysToolsController.java parseStrByFreeMarker str deserialization (ICAQWG)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability classified as critical has been found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 2.5.0. Affected is the function parseStrByFreeMarker of the file /src/main/java/com/dstz/sys/rest/controller/SysToolsController.java. The manipulation of the argument str leads to deserialization. This vulnerability is traded as CVE-2025-5679. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5677 | Campcodes Online Recruitment Management System 1.0 ajax.php?action=save_application position_id sql injection

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=save_application. The manipulation of the argument position_id leads to sql injection. The identification of this vulnerability is CVE-2025-5677. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5676 | Campcodes Online Recruitment Management System 1.0 ajax.php?action=login Username sql injection

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql injection. This vulnerability was named CVE-2025-5676. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5675 | Campcodes Online Teacher Record Management System 1.0 bwdates-reports-details.php fromdate/todate sql injection

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in Campcodes Online Teacher Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /trms/admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is uniquely identified as CVE-2025-5675. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5674 | code-projects Patient Record Management System 1.0 urinalysis_form.php urinalysis_id sql injection

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file urinalysis_form.php. The manipulation of the argument urinalysis_id leads to sql injection. This vulnerability is handled as CVE-2025-5674. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad