Aggregator

A vulnerability, which was classified as problematic, was found in Export User Plugin up to 2.0 on MyBB. Affected is an unknown function. The manipulation of the argument Custom User Title/Location/Bio leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2023-27890. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Mozilla Firefox up to 110 on Android and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2023-25749. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Regional APT Threat Situation Overview In March 2025, the global threat hunting system of NSFOCUS Fuying Laboratory discovered a total of 19 APT attack activities. These activities were mainly distributed in South Asia, East Asia, Eastern Europe, and South America, as shown in the following figure. In terms of group activity, the most active APT […]

The post NSFOCUS APT Monthly Briefing – March 2025 appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post NSFOCUS APT Monthly Briefing – March 2025 appeared first on Security Boulevard.

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. African multinational telco giant MTN Group disclosed a data breach CEO of cybersecurity firm charged with installing malware […]

A vulnerability was found in Mozilla Firefox up to 110 and classified as problematic. Affected by this issue is some unknown functionality of the component ServiceWorker. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2023-25750. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

ИИ, конечно, умный. Но сказку про "плохого помощника" он всё равно купил.

A vulnerability, which was classified as problematic, was found in Check Point Mobile Access R81.10/R81.20/R82. This affects an unknown part of the component Portal. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-52888. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Check Point Mobile Access R81.10/R81.20/R82. Affected by this issue is some unknown functionality of the component SNX Bookmark Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-52887. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in ZTE GoldenDB up to 6.1.03.10/7.2.01.01. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-46577. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in NASA CryptoLib up to 1.3.1. Affected is an unknown function of the component Key State Handler. The manipulation leads to dynamically-managed code resources. This vulnerability is traded as CVE-2025-46675. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in NASA CryptoLib up to 1.3.1. It has been rated as problematic. This issue affects some unknown processing of the component OTAR Crypto Handler. The manipulation leads to unchecked return value. The identification of this vulnerability is CVE-2025-46672. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Artifex Ghostscript up to 10.04.x. It has been declared as problematic. This vulnerability affects the function decode_utf8 of the file base/gp_utf8.c. The manipulation leads to path traversal: '../filedir'. This vulnerability was named CVE-2025-46646. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ZTE GoldenDB up to 6.1.03.10/7.2.01.01/Lite7.2.01.01. It has been classified as problematic. This affects an unknown part. The manipulation leads to information exposure through error message. This vulnerability is uniquely identified as CVE-2025-46575. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ZTE GoldenDB up to 6.1.03.10/7.2.01.01/Lite7.2.01.01 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through error message. This vulnerability is handled as CVE-2025-46574. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in ZTE GoldenDB up to 6.1.03.10 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to resource consumption. This vulnerability is known as CVE-2025-46580. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in NASA CryptoLib up to 1.3.1. Affected is an unknown function of the component Space Data Link Security Protocol Handler. The manipulation leads to dynamically-managed code resources. This vulnerability is traded as CVE-2025-46673. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in HackMD CodiMD up to 2.5.4. This issue affects some unknown processing of the component Content-Security-Policy Header Handler. The manipulation leads to improper protection of alternate path. The identification of this vulnerability is CVE-2025-46655. The attack may be initiated remotely. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability classified as problematic was found in HackMD CodiMD up to 2.2.0. This vulnerability affects unknown code. The manipulation leads to improper protection of alternate path. This vulnerability was named CVE-2025-46654. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in ZTE GoldenDB up to 6.1.03.10/7.2.01.01. This affects an unknown part of the component DDE Handler. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2025-46579. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ZTE GoldenDB up to 6.1.03.10/7.2.01.01. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-46578. The attack may be launched remotely. There is no exploit available.