Aggregator
CVE-2025-8088
47 minutes 15 seconds ago
Currently trending CVE - Hype Score: 16 - A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček
...
CVE-2025-53652
47 minutes 15 seconds ago
Currently trending CVE - Hype Score: 19 - Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with Item/Build permission to inject arbitrary values into Git parameters.
CVE-2025-34152
47 minutes 15 seconds ago
Currently trending CVE - Hype Score: 13 - An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP ...
CVE-2025-7771
47 minutes 15 seconds ago
Currently trending CVE - Hype Score: 20 - ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel ...
CVE-2025-24103
47 minutes 15 seconds ago
Currently trending CVE - Hype Score: 18 - This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to access protected user data.
CVE-2024-40766
47 minutes 15 seconds ago
Currently trending CVE - Hype Score: 1 - An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. This issue affects SonicWall Firewall Gen 5 and Gen 6 devices, ...
CVE-2025-6514
47 minutes 15 seconds ago
Currently trending CVE - Hype Score: 40 - mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL
CVE-2025-53786
47 minutes 15 seconds ago
Currently trending CVE - Hype Score: 44 - On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, ...
CVE-2025-54948
47 minutes 15 seconds ago
Currently trending CVE - Hype Score: 3 - A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.
CVE-2025-4123
47 minutes 15 seconds ago
Currently trending CVE - Hype Score: 12 - A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not ...
Startpwn CTF 2025
1 hour 4 minutes ago
Name: Startpwn CTF 2025 (a Starpwn CTF event.)
Date: Aug. 8, 2025, 4 p.m. — 09 Aug. 2025, 19:00 UTC
Format: Jeopardy
On-line
Official URL: https://app.metactf.com/starpwn-2025
Rating weight: 0
Event organizers: Visionspace
Google confirms data breach exposed potential Google Ads customers' info
2 hours 48 minutes ago
Google has confirmed that a recently disclosed data breach of one of its Salesforce CRM instances involved the information of potential Google Ads customers. [...]
Lawrence Abrams
Insurance Firm Notifies 156K Victims - 1 Year After the Hack
3 hours 4 minutes ago
What Makes Timely and Accurate Breach Reporting So Difficult for Some Organizations?
An Illinois-based brokerage firm that works with employers, businesses and consumers to obtain various types of insurance coverage is notifying nearly 156,000 people that their protected health information was compromised in a data theft hack that occurred more than a year ago. Why the delay?
EU Cyber Index Reveals Strengths and Setbacks
3 hours 4 minutes ago
ENISA's Laura Heuvinck Shares Index Findings, Implications for EU Cybersecurity
In the latest EU Cybersecurity Index, member states scored an average of 64.51 out of 100, reflecting a moderately strong level of preparedness for cyber incidents. ENISA's Laura Heuvinck breaks down the findings and key areas for improving Europe's cybersecurity posture.
Australian Privacy Regulator Sues Optus Over 2022 Hack
3 hours 4 minutes ago
Telecom May Face Up to $2.22 Million Per Violation in Fines
The Australian privacy watchdog sued Optus, saying the country's second largest telecom failed for years to protect sensitive customer data breached during a September 2022 incident affecting nearly 10 million people. The regulator said Optus faces a potential fine of up to AU$21.9 trillion.
CVE-2024-52532 | GNOME libsoup up to 3.6.0 WebSocket Data memory allocation (ID 391 / Nessus ID 210910)
4 hours 10 minutes ago
A vulnerability classified as problematic has been found in GNOME libsoup up to 3.6.0. Affected is an unknown function of the component WebSocket Data Handler. The manipulation leads to uncontrolled memory allocation.
This vulnerability is traded as CVE-2024-52532. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com