Aggregator

A vulnerability marked as critical has been reported in GitLab Community Edition and Enterprise Edition up to 18.4.5/18.5.3/18.6.1. The impacted element is an unknown function of the component API Handler. This manipulation causes allocation of resources. This vulnerability is registered as CVE-2025-14157. Remote exploitation of the attack is possible. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability classified as critical was found in Webmin up to 2.599. This affects an unknown function of the file squid/cachemgr.cgi of the component Squid Module. Executing manipulation can lead to os command injection. This vulnerability is registered as CVE-2025-67738. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability categorized as problematic has been discovered in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-14528. The attack may be performed from remote. In addition, an exploit is available. Applying restrictive firewalling is recommended.

F5 unveiled enhancements to the F5 Application Delivery and Security Platform (ADSP). The latest updates focus on strengthening API discovery capabilities, improving threat detection, and optimizing network connectivity. These updated capabilities are in the latest 7.0 release of F5 Distributed Cloud Services, marking a major update that strengthens visibility and offers greater control for protecting APIs. “APIs are everywhere, powering every connection across apps, users, and data,” said Kunal Anand, Chief Product Officer at F5. … More →

The post F5 strengthens ADSP with enhanced API discovery and threat detection appeared first on Help Net Security.

A vulnerability was found in QualitySoft QND Standard, QND Advance and QND Premium up to 11.0.9i. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to privilege chaining. This vulnerability is uniquely identified as CVE-2025-64701. Local access is required to approach this attack. No exploit exists.

Submit #703150 / VDB-335869

Submit #703137 / VDB-248948

Хакеры научились идеально притворяться теми, кому бизнес привык доверять безоговорочно.

大模型带来的一个变化，就是新时代的中国技术创业者，即便依旧需要商业世界的支持，也终于可以放下技术理想带来的「羞耻感」了。

Submit #703136 / VDB-248948

Originally published at How to Check and Improve Your Email Sender Reputation by EasyDMARC.

If you’re noticing a consistently poor ROI on ...

The post How to Check and Improve Your Email Sender Reputation appeared first on EasyDMARC.

The post How to Check and Improve Your Email Sender Reputation appeared first on Security Boulevard.

A vulnerability was found in projectworlds Advanced Library Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view_book.php. Executing manipulation of the argument book_id can lead to sql injection. This vulnerability is handled as CVE-2025-14527. The attack can be executed remotely. Additionally, an exploit exists.

Ukrainian Victoria Dubranova, 33, faces US charges for aiding pro-Russia hacktivist groups CARR and NoName057(16) in global cyberattacks. A Ukrainian woman, Victoria Dubranova (33), has been charged in the US for allegedly aiding the pro-Russia hacktivist groups Cyber Army of Russia Reborn (CARR) and NoName057(16) in cyberattacks against critical infrastructure worldwide. Dubranova was extradited to […]

A vulnerability was found in Tenda CH22 1.0.0.1. It has been classified as critical. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. This vulnerability is known as CVE-2025-14526. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Black Duck announced the launch of Black Duck Signal, a transformative agentic AI solution engineered to secure software at the speed of AI-powered development. Signal combines Black Duck’s 20 years of software security expertise and intellectual property with LLM-powered software analysis to autonomously detect and remediate vulnerabilities in business-critical applications. As companies rapidly adopt AI coding assistants and agentic workflows, the need for application security solutions that can keep pace has never been greater. Black … More →

The post Black Duck Signal applies LLM intelligence to code and supply chain risk appeared first on Help Net Security.

A vulnerability was found in WP Job Portal Plugin up to 2.4.0 on WordPress and classified as critical. Affected by this issue is the function downloadCustomUploadedFile. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2025-14293. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 18.4.5/18.5.3/18.6.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Merge Handler. This manipulation causes escaping of output. This vulnerability appears as CVE-2025-12734. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

Submit #703096 / VDB-335867

A vulnerability, which was classified as problematic, was found in GitLab Community Edition and Enterprise Edition up to 18.4.5/18.5.3/18.6.1. Affected is an unknown function of the component Swagger UI. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-12029. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in GNOME Glib. This impacts the function escape_byte_string of the component Remote Fileystem Handler. The manipulation leads to integer overflow. This vulnerability is documented as CVE-2025-14512. The attack can be initiated remotely. There is not any exploit available.