Aggregator

CVE-2025-41760 | MBS UBR-01 Mk II/UBR-02/UBR-LON prior 6.0.1.0 Network Traffic failing open (mbs-2025-0001 / EUVD-2025-208367)

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability identified as problematic has been detected in MBS UBR-01 Mk II, UBR-02 and UBR-LON. Affected is an unknown function of the component Network Traffic Handler. The manipulation leads to not failing securely. This vulnerability is traded as CVE-2025-41760. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-41758 | MBS UBR-01 Mk II/UBR-02/UBR-LON prior 6.0.1.0 wwupload.cgi path traversal (mbs-2025-0001 / EUVD-2025-208363)

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability categorized as critical has been discovered in MBS UBR-01 Mk II, UBR-02 and UBR-LON. This impacts an unknown function of the file wwupload.cgi. Executing a manipulation can lead to path traversal. This vulnerability appears as CVE-2025-41758. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-41755 | MBS UBR-01 Mk II/UBR-02/UBR-LON prior 6.0.1.0 Endpoint wwwubr.cgi some_number path traversal (mbs-2025-0001 / EUVD-2025-208357)

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability was found in MBS UBR-01 Mk II, UBR-02 and UBR-LON. It has been rated as critical. This affects an unknown function of the file wwwubr.cgi of the component Endpoint. Performing a manipulation of the argument some_number results in path traversal. This vulnerability is reported as CVE-2025-41755. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

CVE-2025-41765 | MBS UBR-01 Mk II/UBR-02/UBR-LON prior 6.0.1.0 wwwupload.cgi authorization (mbs-2025-0001 / EUVD-2025-208377)

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability was found in MBS UBR-01 Mk II, UBR-02 and UBR-LON. It has been declared as critical. The impacted element is an unknown function of the file wwwupload.cgi. Such manipulation leads to missing authorization. This vulnerability is documented as CVE-2025-41765. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-40639 | Eventobot calculate_discount.php promo_send sql injection (EUVD-2025-208400)

VulDB Recent Entries
2 weeks 5 days ago
A vulnerability was found in Eventobot. It has been classified as critical. The affected element is an unknown function of the file /assets/php/calculate_discount.php. This manipulation of the argument promo_send causes sql injection. This vulnerability is registered as CVE-2025-40639. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com

Using lots of security solutions? How fewer tools lead to more control 

Link 11 (Dosarrest Internet Security Ltd)
2 weeks 5 days ago

In IT security, the following principle often applies: introduce a new tool for every new problem. As a result, many companies have developed a digital patchwork quilt over time. Endpoint protection here, firewalls there, identity management, DDoS protection, WAF, bot management, and API security—everything was purchased, configured, and operated individually.   On paper, this looks like seamless coverage. In operational reality, however, […]

The post Using lots of security solutions? How fewer tools lead to more control  appeared first on Link11.

Link11 Administrator

Cognizant’s TriZetto Provider Solutions data breach impacted over 3.4 million patients

Security Affairs
2 weeks 5 days ago
A breach at Cognizant’s TriZetto Provider Solutions exposed sensitive health data belonging to more than 3.4 million patients. A data breach at Cognizant’s TriZetto Provider Solutions exposed sensitive information belonging to more than 3.4 million patients. At this time, no ransomware group has claimed responsibility for the attack yet. TriZetto Provider Solutions is a healthcare […]
Pierluigi Paganini

Fake Claude Code install pages highlight rise of “InstallFix” attacks

Help Net Security
2 weeks 5 days ago

Users looking for Anthropic’s Claude Code agentic AI coding tool are being tricked via fake Claude Code install pages into running malware, Push Security researchers have warned. The attackers behind this scheme are faithfully cloning Anthropic’s installation page, hosting it on a lookalike domain, and paying Google to surface those fake pages on the top of its results when users ask how to “install Claude Code”, “Claude Code CLI”, or simply “Claude Code”. All links … More →

The post Fake Claude Code install pages highlight rise of “InstallFix” attacks appeared first on Help Net Security.

Zeljka Zorz

Managed ad