Aggregator

A vulnerability was found in Ryan Demmer Joomla Content Editor 1.0.4/1.1.0 Beta2. It has been declared as critical. This vulnerability affects unknown code of the component File Upload. The manipulation leads to privilege escalation. This vulnerability was named CVE-2012-2902. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HP Performance Manager 9.00. It has been classified as very critical. This affects an unknown part. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2012-0127. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Demandmedia Pluck SiteLife up to 5.0.11. This affects an unknown part. The manipulation of the argument cb leads to cross site scripting. This vulnerability is uniquely identified as CVE-2012-0253. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in wonderdesk WonderDesk SQL 4.14. This affects an unknown part of the file wonderdesk.cgi. The manipulation of the argument cus_email leads to cross site scripting. This vulnerability is uniquely identified as CVE-2012-1788. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Dell Powervault Ml6020. It has been declared as problematic. This vulnerability affects unknown code of the file saveRestore.htm. The manipulation of the argument fileName leads to cross-site request forgery. This vulnerability was named CVE-2012-1843. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

今天给大家推送一些生物安全相关研究报告。

ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. [...]

When Skybox Security shut down, it raised real concerns for me, not just about employment, but about how the situation could affect the professional credibility I’ve built over nearly 25...

The post From Stranded to Supported: Helping My Customers Land Safely with FireMon appeared first on Security Boulevard.

Google Forms, the tech giant’s widely used survey tool, has become a favored weapon in cybercriminals’ arsenal. It enables them to bypass sophisticated email security filters and harvest sensitive credentials.  Security researchers have identified a surge in attacks that leverage this trusted platform to create convincing phishing campaigns that exploit users’ inherent trust in Google’s […]

The post Hackers Weaponized Google Forms to Evade Email Security & Steal Logins appeared first on Cyber Security News.

The FBI found that cybercrime losses climbed by 33% compared to 2023, driven by tactics like investment fraud and BEC

Which cybersecurity metrics should SOC teams be tracking to measure their success in detecting and responding to threats?

Currently trending CVE - Hype Score: 12 - In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.

A vulnerability was found in Ivanti LANDesk Management Suite up to 4.2-1.9 and classified as problematic. Affected by this issue is some unknown functionality of the file /client/index.php. The manipulation with the input %3F.php leads to incorrect behavior order: validate before canonicalize. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-43716. The attack may be launched remotely. Furthermore, there is an exploit available.

A severe security vulnerability in Synology’s DiskStation Manager (DSM) software has been identified. This vulnerability allows remote attackers to read arbitrary files through the Network File System (NFS) service without proper authorization.  The vulnerability, tracked as CVE-2025-1021 and detailed in a security advisory, was resolved in recent updates and affects multiple versions of the popular […]

The post Synology Network File System Vulnerability Let Read Any File appeared first on Cyber Security News.

Significant vulnerabilities in popular browser-based cryptocurrency wallets enable attackers to steal funds without any user interaction or approval.  These critical flaws, discovered in wallets including Stellar Freighter, Frontier Wallet, and Coin98, represent a significant shift in attack vectors against crypto users. Unlike traditional phishing attacks that require users to approve malicious transactions, these vulnerabilities allow […]

The post Critical Vulnerabilities in Browser Wallets Let Attackers Drain your Funds appeared first on Cyber Security News.

A significant vulnerability in the FireEye Endpoint Detection and Response (EDR) agent that could allow attackers to inject malicious code and render critical security protections ineffective. The vulnerability, tracked as CVE-2025-0618, was disclosed today and highlights the ongoing challenges in securing endpoint protection platforms against sophisticated threat actors. FireEye EDR Agent DoS Vulnerability The newly […]

The post FireEye EDR Agent Vulnerability Let Attackers Inject Malicious Code appeared first on Cyber Security News.