Aggregator

CVE-2025-13762 | CyberArk Secure Web Sessions Extension prior 2.2.30305 on Chrome denial of service (EUVD-2025-199782)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability has been found in CyberArk Secure Web Sessions Extension on Chrome and classified as problematic. This affects an unknown function. Performing manipulation results in denial of service. This vulnerability was named CVE-2025-13762. The attack needs to be approached locally. There is no available exploit. The affected component should be upgraded.
vuldb.com

CVE-2025-12758 | Validator up to 13.15.21 isLength incomplete filtering of one or more instances of special elements (SNYK-JS-VALIDATOR-13653476 / EUVD-2025-199795)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Validator up to 13.15.21. The impacted element is the function isLength. Such manipulation leads to incomplete filtering of one or more instances of special elements. This vulnerability is uniquely identified as CVE-2025-12758. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2025-34351 | Ray Team Anyscale Ray 2.52.0 API insecure default initialization of resource (GHSA-w8vc-465m-jjw6)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability classified as very critical was found in Ray Team Anyscale Ray 2.52.0. Impacted is an unknown function of the component API. The manipulation results in insecure default initialization of resource. This vulnerability is known as CVE-2025-34351. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

Hottest cybersecurity open-source tools of the month: November 2025

Help Net Security
6 months 3 weeks ago

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Heisenberg: Open-source software supply chain health check tool Heisenberg is an open-source tool that checks the health of a software supply chain. It analyzes dependencies using data from deps.dev, Software Bills of Materials (SBOMs), and external advisories to measure package health, detect risks, and generate reports for individual dependencies or entire projects. VulnRisk: Open-source vulnerability risk assessment … More →

The post Hottest cybersecurity open-source tools of the month: November 2025 appeared first on Help Net Security.

Anamarija Pogorelec

Hackers Tricks macOS Users to Execute Command in Terminal to Deliver FlexibleFerret Malware

Cyber Security News
6 months 3 weeks ago

Cybercriminals are successfully targeting Apple users through a sophisticated social engineering scheme that tricks victims into running harmful commands on their computers. The threat, called FlexibleFerret, is attributed to North Korean operators and represents a continuing evolution of the Contagious Interview campaign that has been active throughout 2025. The malware primarily spreads through fake job […]

The post Hackers Tricks macOS Users to Execute Command in Terminal to Deliver FlexibleFerret Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

Qilin

Dark Feed IO
6 months 3 weeks ago

You must login to view this content

cohenido

CVE-2025-64496 | open-webui Open WebUI up to 0.6.34 Direct Connections Feature cross site scripting (GHSA-cm35-v4vp-5xvx / EUVD-2025-38253)

Vuldb Updates
6 months 3 weeks ago
A vulnerability categorized as problematic has been discovered in open-webui Open WebUI up to 0.6.34. Affected by this vulnerability is an unknown functionality of the component Direct Connections Feature. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-64496. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-64493 | SuiteCRM up to 8.9.0 GraphQL API appMetadata sql injection (GHSA-5gcj-mfqq-v8f7)

Vuldb Updates
6 months 3 weeks ago
A vulnerability was found in SuiteCRM up to 8.9.0 and classified as critical. Affected is the function appMetadata of the component GraphQL API. Executing manipulation can lead to sql injection. The identification of this vulnerability is CVE-2025-64493. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-12920 | qianfox FoxCMS up to 1.2.16 Product.php add/edit Title cross site scripting (EUVD-2025-38722 / CNNVD-202511-873)

Vuldb Updates
6 months 3 weeks ago
A vulnerability was found in qianfox FoxCMS up to 1.2.16. It has been rated as problematic. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. The identification of this vulnerability is CVE-2025-12920. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-64489 | SuiteCRM up to 7.14.7/8.9.0 Deactivation privileges management (GHSA-j6jg-9jj3-q2ph / EUVD-2025-38349)

Vuldb Updates
6 months 3 weeks ago
A vulnerability categorized as critical has been discovered in SuiteCRM up to 7.14.7/8.9.0. This vulnerability affects unknown code of the component Deactivation Handler. Such manipulation leads to improper privilege management. This vulnerability is listed as CVE-2025-64489. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-64490 | SuiteCRM up to 7.14.7/8.9.0 Related authorization (GHSA-jh8v-wqgj-hhc2 / EUVD-2025-38348)

Vuldb Updates
6 months 3 weeks ago
A vulnerability identified as critical has been detected in SuiteCRM up to 7.14.7/8.9.0. This issue affects some unknown processing of the component Related Module. Performing manipulation results in incorrect authorization. This vulnerability is cataloged as CVE-2025-64490. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-64491 | SuiteCRM up to 7.14.7 cross site scripting (GHSA-prfm-6667-x3mv / WID-SEC-2025-2516)

Vuldb Updates
6 months 3 weeks ago
A vulnerability was found in SuiteCRM up to 7.14.7. It has been declared as problematic. This issue affects some unknown processing. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-64491. It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad