Qilin
You must login to view this content
Aggregator
Russian threat actors using old Cisco bug to target critical infrastructure orgs
1 week 1 day ago
A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets include organizations in telecommunications, higher education and manufacturing sectors across North America, Asia, Africa and Europe, with victims selected based on their strategic interest to the Russian government,” Cisco Talos researchers noted. “In the past year, the FBI … More →
The post Russian threat actors using old Cisco bug to target critical infrastructure orgs appeared first on Help Net Security.
Zeljka Zorz
Meta 冻结招聘 AI 工程师
1 week 1 day ago
在招聘了逾 50 名研究人员和工程师后,Meta 暂停了其 AI 部门的招聘。Meta 的一位发言人在一份声明中表示该公司只是在进行基本的组织规划工作,在人员到岗、制定年度预算和展开规划工作之后,为其超级智能项目构建一个稳固的架构。过去几个月,Meta 斥巨资疯狂招募 AI 领域的研究人员,它向 AI 研究员 Matt Deitke 提供了四年 2.5 亿美元的薪酬,平均每年 6250 万美元,第一年有机会拿到 1 亿美元。CEO 扎克伯格(Mark Zuckerberg)还向一位未公布名字 AI 工程师提供了数年 10 亿美元的薪酬。
CVE-2020-2694 | Oracle MySQL Server up to 8.0.18 Information Schema information disclosure (Nessus ID 253295)
1 week 1 day ago
A vulnerability, which was classified as problematic, was found in Oracle MySQL Server up to 8.0.18. This affects an unknown part of the component Information Schema. The manipulation results in information disclosure.
This vulnerability is known as CVE-2020-2694. It is possible to launch the attack remotely. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2025-50422 | Freedesktop Poppler 25.04.0 PDF Stream Object information disclosure (EUVD-2025-23528 / Nessus ID 253301)
1 week 1 day ago
A vulnerability was found in Freedesktop Poppler 25.04.0. It has been declared as problematic. Affected is an unknown function of the component PDF Stream Object Handler. The manipulation results in information disclosure.
This vulnerability is reported as CVE-2025-50422. The attacker must have access to the local network to execute the attack. No exploit exists.
vuldb.com
CVE-2019-8321 | RubyGems up to 3.0.2 UserInteraction#verbose Escape Sequence argument injection (DLA 2330-1 / Nessus ID 253333)
1 week 1 day ago
A vulnerability labeled as critical has been found in RubyGems up to 3.0.2. The impacted element is the function Gem::UserInteraction#verbose. Executing manipulation as part of Escape Sequence can lead to argument injection.
The identification of this vulnerability is CVE-2019-8321. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2018-1257 | Spring Framework up to 4.3.16/5.0.5 STOMP Regular Expression input validation (RHSA-2018:1809 / Nessus ID 253353)
1 week 1 day ago
A vulnerability was found in Spring Framework up to 4.3.16/5.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component STOMP. Executing manipulation as part of Regular Expression can lead to improper input validation.
The identification of this vulnerability is CVE-2018-1257. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2018-16838 | sssd Group Policy Objects access control (RHSA-2019:2177 / Nessus ID 253355)
1 week 1 day ago
A vulnerability was found in sssd. It has been declared as critical. This issue affects some unknown processing of the component Group Policy Objects Handler. The manipulation results in improper access controls.
This vulnerability is known as CVE-2018-16838. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2025-54869 | Setasign FPDI up to 2.6.2 PDF Document allocation of resources (GHSA-jxhh-4648-vpp3 / Nessus ID 253368)
1 week 1 day ago
A vulnerability categorized as problematic has been discovered in Setasign FPDI up to 2.6.2. The impacted element is an unknown function of the component PDF Document Handler. Executing manipulation can lead to allocation of resources.
This vulnerability is handled as CVE-2025-54869. The attack can be executed remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
vuldb.com
Alleged Data Sale of JAPAY (Junta de Agua Potable y Alcantarillado de Yucatán)
1 week 1 day ago
Alleged Data Sale of JAPAY (Junta de Agua Potable y Alcantarillado de Yucatán)
Dark Web Informer
Threat Actors Weaponize PDF Editor Trojan to Convert Devices into Proxies
1 week 1 day ago
Researchers have discovered a complex campaign using trojanized software that uses authentic code-signing certificates to avoid detection and turn compromised machines into unintentional residential proxies, according to a recent threat intelligence notice from Expel Security. The operation begins with files bearing the code-signing signature of “GLINT SOFTWARE SDN. BHD.,” a seemingly legitimate entity whose credentials […]
The post Threat Actors Weaponize PDF Editor Trojan to Convert Devices into Proxies appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Aman Mishra
Microsoft asks customers for feedback on reported SSD failures
1 week 1 day ago
Microsoft is seeking further information from customers who reported failure and data corruption issues affecting their solid-state drives (SSDs) and hard disk drives (HDDs) after installing the August 2025 security update. [...]
Sergiu Gatlan
CVE-2024-4813 | Ruijie RG-UAC up to 20240506 interface_commit.php Name os command injection
1 week 1 day ago
A vulnerability was found in Ruijie RG-UAC up to 20240506. It has been classified as critical. Affected is an unknown function of the file /view/networkConfig/physicalInterface/interface_commit.php. The manipulation of the argument Name leads to os command injection.
This vulnerability is listed as CVE-2024-4813. The attack may be initiated remotely. In addition, an exploit is available.
Applying a patch is the recommended action to fix this issue.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-4814 | Ruijie RG-UAC up to 20240506 static_route_edit_commit.php oldipmask/oldgateway os command injection
1 week 1 day ago
A vulnerability was found in Ruijie RG-UAC up to 20240506. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/networkConfig/RouteConfig/StaticRoute/static_route_edit_commit.php. The manipulation of the argument oldipmask/oldgateway results in os command injection.
This vulnerability is cataloged as CVE-2024-4814. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-4815 | Ruijie RG-UAC up to 20240506 detail.php filename os command injection
1 week 1 day ago
A vulnerability was found in Ruijie RG-UAC up to 20240506. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/bugSolve/viewData/detail.php. This manipulation of the argument filename causes os command injection.
This vulnerability is registered as CVE-2024-4815. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-4816 | Ruijie RG-UAC up to 20240506 gre_add_commit.php name/remote/local/IP os command injection
1 week 1 day ago
A vulnerability categorized as critical has been discovered in Ruijie RG-UAC up to 20240506. This affects an unknown part of the file /view/networkConfig/GRE/gre_add_commit.php. Such manipulation of the argument name/remote/local/IP leads to os command injection.
This vulnerability is documented as CVE-2024-4816. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-53187 | ABB ASPECT 3.07 code injection
1 week 1 day ago
A vulnerability classified as critical was found in ABB ASPECT 3.07. This impacts an unknown function. Executing manipulation can lead to code injection.
This vulnerability appears as CVE-2025-53187. The attack may be performed from a remote location. There is no available exploit.
Upgrading the affected component is advised.
vuldb.com
CVE-2025-9043 | Seagate Toolkit prior 2.34.0.33 Program.exe unquoted search path
1 week 1 day ago
A vulnerability, which was classified as problematic, was found in Seagate Toolkit. Affected by this vulnerability is an unknown functionality of the file Program.exe. Such manipulation leads to unquoted search path.
This vulnerability is referenced as CVE-2025-9043. The attack can only be performed from a local environment. No exploit is available.
You should upgrade the affected component.
vuldb.com
CVE-2025-57700 | Delta Electronics DIAEnergie up to 1.11.00.002 cross site scripting (PCSA-2025-00012)
1 week 1 day ago
A vulnerability was found in Delta Electronics DIAEnergie up to 1.11.00.002. It has been classified as problematic. The impacted element is an unknown function. This manipulation causes cross site scripting.
This vulnerability is tracked as CVE-2025-57700. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-57701 | Delta Electronics DIAEnergie up to 1.11.00.002 cross site scripting (PCSA-2025-00012)
1 week 1 day ago
A vulnerability was found in Delta Electronics DIAEnergie up to 1.11.00.002. It has been declared as problematic. This affects an unknown function. Such manipulation leads to cross site scripting.
This vulnerability is listed as CVE-2025-57701. The attack may be performed from a remote location. There is no available exploit.
vuldb.com