Aggregator

A vulnerability was found in freescout up to 1.8.179 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-48483. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in VMware Spring Cloud Gateway and Spring Cloud Gateway Server MVC and classified as problematic. This vulnerability affects unknown code of the component Header Handler. The manipulation of the argument X-Forwarded-For/Forwarded leads to an unknown weakness. This vulnerability was named CVE-2025-41235. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in freescout up to 1.8.177. This affects an unknown part of the component Conversation Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-48484. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in valtimo-backend-libraries up to 11.3.3.RELEASE/12.12.0.RELEASE. Affected by this issue is some unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-48881. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Gearside Developer Dashboard Plugin up to 1.0.72 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-4429. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in freescout up to 1.8.179. Affected is the function fill. The manipulation leads to enforcement of behavioral workflow. This vulnerability is traded as CVE-2025-48482. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in freescout up to 1.8.179. It has been rated as critical. This issue affects the function invite_hash. The manipulation leads to enforcement of behavioral workflow. The identification of this vulnerability is CVE-2025-48481. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in freescout up to 1.8.179. It has been declared as problematic. This vulnerability affects unknown code of the file /.htaccess of the component Avatar Handler. The manipulation leads to enforcement of behavioral workflow. This vulnerability was named CVE-2025-48480. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in freescout up to 1.8.179. It has been classified as problematic. This affects an unknown part. The manipulation leads to enforcement of behavioral workflow. This vulnerability is uniquely identified as CVE-2025-48479. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in freescout up to 1.8.179 and classified as problematic. Affected by this issue is some unknown functionality of the component User Creation Handler. The manipulation of the argument fillable leads to enforcement of behavioral workflow. This vulnerability is handled as CVE-2025-48478. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in freescout up to 1.8.179 and classified as critical. Affected by this vulnerability is the function fill. The manipulation leads to enforcement of behavioral workflow. This vulnerability is known as CVE-2025-48477. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Lomkit laravel-rest-api up to 2.12.x. Affected is an unknown function. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-48490. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in freescout up to 1.8.179. This issue affects the function fill of the component Password Field Handler. The manipulation leads to enforcement of behavioral workflow. The identification of this vulnerability is CVE-2025-48476. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in gradio-app gradio up to 5.30.x. This vulnerability affects unknown code of the component Flagging Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2025-48889. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

2025年05月24 日 09:00-21:00，经过12个小时的激烈鏖战，第三届京麒 CTF 线上初赛圆满收官，一场精彩绝伦的网络安全竞技盛宴落下帷幕。本次初赛共有390支战队签到参赛，充分展现了网络安全爱好者们的高涨热情与积极态度。

ConnectWise, a leading provider of software solutions for managed service providers, disclosed today that it detected suspicious activity within its environment, believed to be orchestrated by a sophisticated nation-state actor. The breach, which impacted a small number of ScreenConnect customers, has prompted an immediate response from the company, including an investigation led by top cybersecurity […]

The post ConnectWise Hacked – Nation State Actors Compromised the Systems to Access Customer Data appeared first on Cyber Security News.

Пока одни просто болтали по телефону, другие шаг за шагом собирали маршруты их передвижения.

A vulnerability, which was classified as problematic, was found in Vembu StoreGrid 4.4.x. This affects an unknown part of the file interface/registercustomer/onlineregsuccess.php. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2014-10078. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

2024 年是第一个突破 1.5℃ 全球变暖阈值的单一年份。现在顶尖气候学家首次发出警告，到 2029 年全球升温可能首次超过 2℃。英国国家气象局的科学家每年都会利用世界各地研究机构的气候观测数据和模型，预测未来5年的全球气候。最新预测结果表明，到 2029 年，单一年份的平均温度可能比工业化前水平高出 2℃。根据为世界气象组织（WMO）编制的《全球年际至年代际气候更新》，未来 5 年中至少有一年突破相同阈值（1.5℃ ）的可能性为 86%。与此同时研究人员预测，2025-2029 年间，平均升温超过 1.5℃ 的可能性为 70%。单一年份全球升温超过 2℃ 的可能性仍然非常小，WMO/英国国家气象局的团队估计其概率为 1%。

As enterprises increasingly adopt multi-cloud architectures to optimize flexibility and avoid vendor lock-in, securing these distributed environments has become a critical priority. According to industry forecasts, over 70% of organizations will rely on multi-cloud or hybrid models by 2025. However, this shift has expanded attack surfaces, with misconfigurations, supply chain vulnerabilities, and identity management gaps posing […]

The post Securing Multi-Cloud Infrastructures in 2025 Enterprise Deployments appeared first on Cyber Security News.