Aggregator

A vulnerability was found in Bootstrap Multiselect up to 1.1.2 and classified as problematic. This issue affects some unknown processing of the file post.php. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-47204. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Adobe InDesign Desktop up to 19.5.2/20.2. This vulnerability affects unknown code. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2025-30318. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe InDesign Desktop up to 19.5.2/20.2. Affected by this issue is some unknown functionality. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2025-30319. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Adobe InDesign Desktop up to 19.5.2/20.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2025-30320. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Dreamweaver Desktop up to 21.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to type confusion. This vulnerability is known as CVE-2025-30310. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in PuneethReddyHC Event Management 1.0. Affected is an unknown function of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to cross site scripting. This vulnerability is traded as CVE-2024-3433. It is possible to launch the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in PuneethReddyHC Event Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /backend/register.php. The manipulation of the argument event_id/full_name/email/mobile/college/branch leads to sql injection. The identification of this vulnerability is CVE-2024-3432. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. Our investigation indicates that a second CVE-2024-28322 was assigned to this entry.

A vulnerability classified as critical has been found in SiYuan 3.1.18. Affected is an unknown function of the file /api/history/getDocHistoryContent. The manipulation leads to incomplete cleanup. This vulnerability is traded as CVE-2025-21609. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2024-12941. The attack may be initiated remotely. Furthermore, there is an exploit available.

Google Threat Intelligence has unveiled a series of sophisticated threat hunting techniques to detect malicious .desktop files, a novel attack vector leveraged by threat actors to compromise systems. Initially documented by Zscaler researchers in 2023, this technique involves the abuse of .desktop files-plain text configuration files used to define application launch behavior in Linux desktop […]

The post Google Threat Intelligence Releases Actionable Threat Hunting Technique for Malicious .desktop Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

BOULDER, Colo.– Strata Identity, the Identity Orchestration company, today announced it has been named an Example Vendor in the 2025 Gartner Guidance for Workforce Access Management report by Paul Rabinovich. As noted in the report, “this research helps identity architects to modernize their AM implementations.” Orchestrated authentication that adapts to any identity system Strata’s Maverics platform modernizes...

The post Named an Example Vendor in 2025 Gartner® Guidance for Workforce Access Management Report appeared first on Strata.io.

The post Named an Example Vendor in 2025 Gartner® Guidance for Workforce Access Management Report appeared first on Security Boulevard.

Alleged Sale of Unauthorized Web Shell Access to Multiple Unidentified Websites

Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in Photoshop 2024 and 2025 that could enable arbitrary code execution on Windows and macOS systems. The flaws, discovered by external researcher yjdfy through Adobe’s HackerOne bug bounty program, involve memory corruption risks stemming from integer manipulation and uninitialized pointer access. While […]

The post New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Adobe has issued an urgent security update for its widely used graphic design software, Adobe Illustrator, following the discovery of a critical heap-based buffer overflow vulnerability tracked as CVE-2025-30330. This flaw, which allows arbitrary code execution on affected systems, impacts both Windows and macOS versions of Illustrator 2024 and 2025. Rated with a CVSS score […]

The post Severe Adobe Illustrator Flaw Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A new attack vector where cybercriminals are weaponizing Google Calendar invites to deliver malware, using a sophisticated obfuscation technique involving just a single visible character that hides malicious code. This discovery highlights how threat actors are evolving their tactics to bypass traditional security measures by exploiting trusted platforms. In March 2025, security researchers at Aikido […]

The post Weaponized Google Calendar Invites Delivers Malicious Payload With Just One Character appeared first on Cyber Security News.

A vulnerability was found in WP Content Security Plugin Plugin up to 2.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component CSP-Report Field Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-4579. The attack may be launched remotely. There is no exploit available.

​Microsoft has fixed a known issue preventing Linux from booting on dual-boot systems with Secure Boot enabled after installing the August 2024 Windows security updates. [...]

A vulnerability was found in OpenText Advance Authentication up to 6.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-10864. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Alleged Sale of Unauthorized Access to Multiple Government GitLab Servers