Aggregator

CVE-2025-38743 | Dell iDRAC Service Module up to 6.0.3.0 buffer access with incorrect length value (dsa-2025-311 / EUVD-2025-25483)

VulDB Recent Entries
1 week 2 days ago
A vulnerability was found in Dell iDRAC Service Module up to 6.0.3.0. It has been rated as critical. This affects an unknown part. This manipulation causes buffer access with incorrect length value. This vulnerability is handled as CVE-2025-38743. It is possible to launch the attack on the local host. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-38742 | Dell iDRAC Service Module up to 6.0.3.0 permission assignment (dsa-2025-311 / EUVD-2025-25485)

VulDB Recent Entries
1 week 2 days ago
A vulnerability was found in Dell iDRAC Service Module up to 6.0.3.0. It has been declared as problematic. Affected by this issue is some unknown functionality. The manipulation results in incorrect permission assignment. This vulnerability is known as CVE-2025-38742. Attacking locally is a requirement. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-51989 | Evolution Consulting HRmaster Module 235 keresztnév cross site scripting (EUVD-2025-25487)

VulDB Recent Entries
1 week 2 days ago
A vulnerability was found in Evolution Consulting HRmaster Module 235. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument keresztnév leads to basic cross site scripting. This vulnerability is traded as CVE-2025-51989. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2010-20119 | CommuniCrypt Mail up to 1.16 ANSMTP.dll AddAttachments stack-based overflow (EDB-12663)

VulDB Recent Entries
1 week 2 days ago
A vulnerability was found in CommuniCrypt Mail up to 1.16 and classified as critical. Affected is the function AddAttachments in the library ANSMTP.dll. Executing manipulation can lead to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2010-20119. The attack may be performed from a remote location. In addition, an exploit is available.
vuldb.com

CVE-2025-52351 | Aikaan IoT Management Platform 3.25.0325-5-g2e9c59796 Email activate missing encryption

VulDB Recent Entries
1 week 2 days ago
A vulnerability has been found in Aikaan IoT Management Platform 3.25.0325-5-g2e9c59796 and classified as problematic. This impacts an unknown function of the component Email Handler. Performing manipulation of the argument activate results in missing encryption of sensitive data. This vulnerability is reported as CVE-2025-52351. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2025-52352 | Aikaan IoT Management Platform 3.25.0325-5-g2e9c59796 Sign-up API Endpoint access control

VulDB Recent Entries
1 week 2 days ago
A vulnerability, which was classified as critical, was found in Aikaan IoT Management Platform 3.25.0325-5-g2e9c59796. This affects an unknown function of the component Sign-up API Endpoint. Such manipulation leads to improper access controls. This vulnerability is documented as CVE-2025-52352. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2025-57768 | Alanaktion phproject up to 1.8.2 /issues/new/ planned_hours cross site scripting (GHSA-mhhg-qx37-g369)

VulDB Recent Entries
1 week 2 days ago
A vulnerability classified as problematic was found in Alanaktion phproject up to 1.8.2. The affected element is an unknown function of the file /issues/new/. The manipulation of the argument planned_hours results in cross site scripting. This vulnerability is cataloged as CVE-2025-57768. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-7051 | N-able N-central up to 2024.6.16 Configuration access control

VulDB Recent Entries
1 week 2 days ago
A vulnerability classified as critical has been found in N-able N-central up to 2024.6.16. Impacted is an unknown function of the component Configuration Handler. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2025-7051. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2010-20111 | Digital Music Pad up to 8.2.3.3.4 pls File File1 stack-based overflow (EDB-15134)

VulDB Recent Entries
1 week 2 days ago
A vulnerability described as critical has been identified in Digital Music Pad up to 8.2.3.3.4. This issue affects some unknown processing of the component pls File Handler. Executing manipulation of the argument File1 can lead to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2010-20111. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

CVE-2010-20121 | KMiNT21 EasyFTP Server up to 1.7.0.11 CWD Command stack-based overflow (EDB-11668)

VulDB Recent Entries
1 week 2 days ago
A vulnerability marked as critical has been reported in KMiNT21 EasyFTP Server up to 1.7.0.11. This vulnerability affects unknown code of the component CWD Command Handler. Performing manipulation results in stack-based buffer overflow. This vulnerability is identified as CVE-2010-20121. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2025-57751 | pyload up to 0.5.0b3.dev91 dykpy.evaljs jk resource consumption (GHSA-9gjj-6gj7-c4wj)

VulDB Recent Entries
1 week 2 days ago
A vulnerability labeled as problematic has been found in pyload up to 0.5.0b3.dev91. This affects the function dykpy.evaljs. Such manipulation of the argument jk leads to resource consumption. This vulnerability is referenced as CVE-2025-57751. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

Why Hybrid Deployment Models Are Essential for Secure Agentic AI

Security Boulevard
1 week 2 days ago

If your agentic AI strategy is "cloud-only," you're living in 2015. Welcome to 2025, where 75% of enterprise workloads still run on-premises, and they're not moving to the cloud just because you deployed some agents.

The post Why Hybrid Deployment Models Are Essential for Secure Agentic AI appeared first on Strata.io.

The post Why Hybrid Deployment Models Are Essential for Secure Agentic AI appeared first on Security Boulevard.

Eric Olden

Threat Actors Exploiting Victims’ Machines for Bandwidth Monetization

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 week 2 days ago

Cybersecurity researchers have uncovered an ongoing campaign where threat actors exploit the critical CVE-2024-36401 vulnerability in GeoServer, a geospatial database, to remotely execute code and monetize victims’ bandwidth. This remote code execution flaw, rated at a CVSS score of 9.8, enables attackers to deploy legitimate software development kits (SDKs) or modified applications that generate passive […]

The post Threat Actors Exploiting Victims’ Machines for Bandwidth Monetization appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Identity Lifecycle Management: A Complete Guide to ILM Stages, Tools, and Best Practices

Netwrix Blog | Insights for Cybersecurity and IT Pros
1 week 3 days ago
This post first appeared on blog.netwrix.com and was written by Tyler Reese.
Identity Lifecycle Management governs digital identities across their full lifecycle, automating provisioning, access changes, and deprovisioning. It enforces least privilege, synchronizes identity data, and integrates with HR, IAM, and SIEM systems. Role-based controls, audit trails, and policy-driven workflows ensure secure, compliant access across hybrid environments and machine identities. Digital identities form the foundation of access, … Continued
Tyler Reese

Managed ad