Aggregator

CVE-2024-3736 | cym1102 nginxWebUI up to 3.9.9 /adminPage/main/upload unrestricted upload (Issue 138)

Vuldb Updates
2 days 10 hours ago
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. The affected element is the function Upload of the file /adminPage/main/upload. The manipulation results in unrestricted upload. This vulnerability is cataloged as CVE-2024-3736. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-3737 | cym1102 nginxWebUI up to 3.9.9 /adminPage/www/addOver findCountByQuery dir path traversal (Issue 138)

Vuldb Updates
2 days 10 hours ago
A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. The impacted element is the function findCountByQuery of the file /adminPage/www/addOver. This manipulation of the argument dir causes path traversal. This vulnerability is registered as CVE-2024-3737. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2024-25015 | IBM MQ 9.2/9.3 Internet Pass-Thru amplification (XFDB-281278)

Vuldb Updates
2 days 10 hours ago
A vulnerability, which was classified as critical, has been found in IBM MQ 9.2/9.3. Affected is an unknown function of the component Internet Pass-Thru. Performing manipulation results in insufficient control of network message volume. This vulnerability is reported as CVE-2024-25015. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-23364 | Siemens TIA Administrator prior 3.0.6 signature verification (ssa-573669)

Vuldb Updates
2 days 10 hours ago
A vulnerability categorized as problematic has been discovered in Siemens TIA Administrator. Affected by this issue is some unknown functionality. Executing manipulation can lead to improper verification of cryptographic signature. This vulnerability is handled as CVE-2025-23364. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-40593 | Siemens SIMATIC CN 4100 up to 3.x SFTP Folder denial of service (ssa-626991)

Vuldb Updates
2 days 10 hours ago
A vulnerability has been found in Siemens SIMATIC CN 4100 up to 3.x and classified as problematic. Affected is an unknown function of the component SFTP Folder. This manipulation causes denial of service. This vulnerability is registered as CVE-2025-40593. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2025-40737 | Siemens SINEC NMS up to 3.x ZIP File path traversal (ssa-078892)

Vuldb Updates
2 days 10 hours ago
A vulnerability was found in Siemens SINEC NMS up to 3.x. It has been classified as critical. Affected by this issue is some unknown functionality of the component ZIP File Handler. Performing manipulation results in path traversal. This vulnerability is reported as CVE-2025-40737. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-40738 | Siemens SINEC NMS up to 3.x ZIP File path traversal (ssa-078892)

Vuldb Updates
2 days 10 hours ago
A vulnerability was found in Siemens SINEC NMS up to 3.x. It has been declared as critical. This affects an unknown part of the component ZIP File Handler. Executing manipulation can lead to path traversal. This vulnerability appears as CVE-2025-40738. The attack may be performed from a remote location. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-40739 | Siemens Solid Edge SE2025 up to 225.0 Update 4 PAR File Parser out-of-bounds (ssa-091753 / Nessus ID 241712)

Vuldb Updates
2 days 10 hours ago
A vulnerability was found in Siemens Solid Edge SE2025 up to 225.0 Update 4. It has been rated as problematic. This vulnerability affects unknown code of the component PAR File Parser. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-40739. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-40740 | Siemens Solid Edge SE2025 up to 225.0 Update 5 PAR File Parser out-of-bounds (ssa-091753 / Nessus ID 241712)

Vuldb Updates
2 days 10 hours ago
A vulnerability categorized as critical has been discovered in Siemens Solid Edge SE2025 up to 225.0 Update 5. This issue affects some unknown processing of the component PAR File Parser. The manipulation results in out-of-bounds read. This vulnerability is known as CVE-2025-40740. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-40741 | Siemens Solid Edge SE2025 up to 225.0 Update 4 CFG File Parser stack-based overflow (ssa-091753 / Nessus ID 241712)

Vuldb Updates
2 days 10 hours ago
A vulnerability identified as critical has been detected in Siemens Solid Edge SE2025 up to 225.0 Update 4. Impacted is an unknown function of the component CFG File Parser. This manipulation causes stack-based buffer overflow. This vulnerability is handled as CVE-2025-40741. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.
vuldb.com

MuddyWater APT Targets CFOs via OpenSSH; Enables RDP and Scheduled Tasks

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 days 10 hours ago

A sophisticated spear-phishing campaign attributed to the Iranian-linked APT group MuddyWater is actively compromising CFOs and finance executives across Europe, North America, South America, Africa, and Asia. The attackers impersonate recruiters from Rothschild & Co, deploying Firebase-hosted phishing pages that incorporate custom math-based CAPTCHA challenges to evade detection and lend legitimacy. These lures lead victims […]

The post MuddyWater APT Targets CFOs via OpenSSH; Enables RDP and Scheduled Tasks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Paper Werewolf Exploits WinRAR Zero-Day Vulnerability to Deliver Malware

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 days 10 hours ago

Cyber spies associated with the threat actor group Paper Werewolf have demonstrated advanced capabilities in bypassing email security filters by delivering malware through seemingly legitimate archive files, a tactic that exploits the commonality of such attachments in business correspondence. Despite their sophistication, these attackers continue to rely on detectable tactics, techniques, and procedures (TTPs), underscoring […]

The post Paper Werewolf Exploits WinRAR Zero-Day Vulnerability to Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Threat Actors Gaining Access to Victims’ Machines and Monetizing Access to Their Bandwidth

Cyber Security News
2 days 10 hours ago

A stealthy campaign emerged in early March 2025 that capitalized on a critical remote code execution flaw in GeoServer (CVE-2024-36401) to compromise publicly exposed geospatial servers. Attackers exploited JXPath query injection within Apache Commons libraries, allowing arbitrary code execution through crafted XML requests. This vector enabled the silent deployment of customized executables that leveraged legitimate […]

The post Threat Actors Gaining Access to Victims’ Machines and Monetizing Access to Their Bandwidth appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad