Aggregator

A vulnerability was found in Tenda CH22 1.0.0.1 and classified as critical. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2025-9007. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Tenda CH22 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2025-9006. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #628874 / VDB-320041

Submit #628873 / VDB-320040

Submit #628871 / VDB-320039

A vulnerability, which was classified as problematic, was found in mtons mblog up to 3.5.0. Affected is an unknown function of the file /register. The manipulation leads to information exposure through error message. This vulnerability is traded as CVE-2025-9005. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #628867 / VDB-320036

Submit #628845 / VDB-320035

A vulnerability, which was classified as problematic, has been found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authentication attempts. The identification of this vulnerability is CVE-2025-9004. The attack may be initiated remotely. Furthermore, there is an exploit available.

In general, cryptographic agility refers to a system’s ability to replace or adapt cryptographic algorithms, parameters, or protocols—like key lengths or hashing methods—smoothly and without interruptions. This capability is especially critical when vulnerabilities emerge or when migrating to quantum-resistant algorithms.

The post What Is Crypto-Agility? appeared first on TrustFour: Workload and Non-Human Identity Attack Surface Security.

The post What Is Crypto-Agility? appeared first on Security Boulevard.

Submit #628837 / VDB-311105

Submit #628787 / VDB-320034

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s security appliances.

The post Fortinet SIEM issue coincides with spike in brute-force traffic against company’s SSL VPNs appeared first on CyberScoop.

Submit #628785 / VDB-320033

Artificial Intelligence (AI) is quickly changing modern enterprises, but harnessing its full potential demands not only excellent models, but infrastructure expertise. Google Kubernetes Engine (GKE) has emerged as a foundation for AI innovation, providing a platform that combines cloud-native flexibility, enterprise-grade security, and seamless access to advanced accelerators. In a recent webinar, I joined Tom Viilo (Head of Alliances) and Guilhem Tesseyre (CTO and Co-Founder) of Zencore for a deep dive into how technical leaders can design, optimize, and operate GKE environments for AI at scale.

The post How to Build, Optimize, & Manage AI on Google Kubernetes Engine appeared first on Security Boulevard.

Submit #628770 / VDB-290790

Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. [...]

A vulnerability classified as problematic was found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argument Name leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-9003. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2025-49457: Zoom Clients for Windows: Untrusted Search Path Vulnerability