Aggregator

A vulnerability labeled as problematic has been found in Dell CloudBoost Virtual Appliance up to 19.13.0.0. This affects an unknown function. Executing manipulation can lead to improper restriction of excessive authentication attempts. This vulnerability is registered as CVE-2025-46603. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in bacnet-stack up to 1.5.0.rc1. The impacted element is the function bacnet_npdu_decode of the file src/bacnet/npdu.c of the component BACnet Protocol Handler. Performing manipulation results in out-of-bounds read. This vulnerability is cataloged as CVE-2025-66624. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability categorized as problematic has been discovered in Frappe LMS up to 2.40.x. The affected element is an unknown function of the component Endpoint. Such manipulation leads to incorrect authorization. This vulnerability is listed as CVE-2025-66581. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability was found in Nextcloud Tables up to 0.8.8/0.9.5/1.0.0. It has been rated as problematic. Impacted is an unknown function. This manipulation causes authorization bypass. This vulnerability is tracked as CVE-2025-66513. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability was found in yawkat lz4-java up to 1.10.0. It has been declared as problematic. This issue affects some unknown processing. The manipulation results in insertion of sensitive information into sent data. This vulnerability is identified as CVE-2025-66566. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Flexsense DiskBoss, DiskBoss Pro, DiskBoss Ultimate, DiskBoss Server and DiskBoss Enterprise 11.7.28. It has been classified as problematic. This vulnerability affects unknown code. The manipulation leads to unquoted search path. This vulnerability is referenced as CVE-2020-36879. The attack can only be performed from a local environment. Furthermore, an exploit is available.

A vulnerability was found in Langflow up to 1.6.9 and classified as critical. This affects an unknown part of the component Refresh Endpoint. Executing manipulation can lead to origin validation error. The identification of this vulnerability is CVE-2025-34291. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Advantech WISE-DeviceOn Server up to 5.3 and classified as critical. Affected by this issue is some unknown functionality of the component Installation Handler. Performing manipulation results in use of hard-coded cryptographic key . This vulnerability was named CVE-2025-34256. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as very critical, was found in Google Cloud Apigee Hybrid up to 1.11.1/1.12.3/1.13.2/1.14.0. Affected by this vulnerability is an unknown functionality of the component Javacallout Policy. Such manipulation leads to dynamically-managed code resources. This vulnerability is uniquely identified as CVE-2025-13426. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in ReQuest Serious Play F3 Media Server 7.0.3.4968. Affected is an unknown function of the component Quick File Uploader Page. This manipulation causes os command injection. This vulnerability is handled as CVE-2020-36877. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability classified as problematic was found in strimzi strimzi-kafka-operator up to 0.49.0 on Kubernetes. This impacts an unknown function. The manipulation results in information disclosure. This vulnerability is known as CVE-2025-66623. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in ReQuest Serious Play F3 Media Server. This affects an unknown function of the component message_log Page. The manipulation leads to sensitive information in log files. This vulnerability is traded as CVE-2020-36876. It is possible to launch the attack on the physical device. Furthermore, there is an exploit available.

免责声明由于传播、利用本公众号所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，公众号陌

Security researchers from the SAFA team have uncovered four kernel heap overflow vulnerabilities in Avast Antivirus, all traced to the aswSnx kernel driver. The flaws, now tracked collectively as CVE-2025-13032, could allow a local attacker to escalate privileges to SYSTEM on Windows 11 if successfully exploited. The research focused on Avast’s sandbox implementation, a component […]

The post Avast Antivirus Sandbox Vulnerabilities Let Attackers Escalate Privileges appeared first on Cyber Security News.

Currently trending CVE - Hype Score: 8 - In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Currently trending CVE - Hype Score: 9

Currently trending CVE - Hype Score: 2 - Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Currently trending CVE - Hype Score: 9 - Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or ...

Как детская игровая платформа превратилась в объект для претензий о пропаганде, экстремизме и угрозах для несовершеннолетних.

Критическая уязвимость уже в арсенале известных групп, вопрос в том, сколько проектов заметит это слишком поздно.