Aggregator

CVE-2025-13654 | zevv Duc up to 1.4.5 buffer_get stack-based overflow

4 weeks ago

A vulnerability marked as critical has been reported in zevv Duc up to 1.4.5. This affects the function buffer_get. Performing manipulation results in stack-based buffer overflow. This vulnerability is known as CVE-2025-13654. Access to the local network is required for this attack. No exploit is available. It is suggested to upgrade the affected component.

vuldb.com

EU fines X $140 million over deceptive blue checkmarks

Bleeping Computer.

4 weeks ago

The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA). [...]

Sergiu Gatlan

Submit #696740: ZLT M30S & M30S PRO MTNNGRM30S_1.47, M30SPRO_3.09.06 (Other versions might be vulnerable) Denial of Service [Accepted]

Vuldb Submit

4 weeks ago

Submit #696740 / VDB-334487

S33K3R

CVE-2025-6966 | Canonical python-apt deb822 File TagSection.keys null pointer dereference

VulDB Recent Entries

4 weeks ago

A vulnerability labeled as problematic has been found in Canonical python-apt. The impacted element is the function TagSection.keys of the component deb822 File Handler. Such manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-6966. An attack has to be approached locally. There is no exploit available.

vuldb.com

Russian Hackers Spoof European Events in Targeted Phishing Attacks

Cyber Security News

4 weeks ago

Russian threat actors are running a new wave of phishing campaigns that spoof major European security events to quietly steal cloud credentials. Invitations that look legitimate, often tied to conferences such as the Belgrade Security Conference or the Brussels Indo-Pacific Dialogue, direct targets to polished registration sites that mimic real organizers. Behind this professional surface, […]

The post Russian Hackers Spoof European Events in Targeted Phishing Attacks appeared first on Cyber Security News.

Tushar Subhra Dutta

China-Linked Warp Panda Targets North American Firms in Espionage Campaign

Information Security Magazine

4 weeks ago

CrowdStrike warned that Warp Panda, a China-linked cyber-espionage group, is targeting US organizations to steal sensitive data and support Beijing’s strategic interests

Минус один дешевый вариант. Популярный хостер Aeza блокирует серверы по требованию РКН

Securitylab.ru

4 weeks ago

Клиенты Aeza получают «письма счастья» с требованием удалить VPN.

Microsoft Edge security advisory (AV25-810)

CCCS - Alerts and advisories

4 weeks ago

Canadian Centre for Cyber Security

HPE security advisory (AV25-809)

CCCS - Alerts and advisories

4 weeks ago

Canadian Centre for Cyber Security

Critical Apache Tika Core Vulnerability Exploited by Uploading Malicious PDF

Cyber Security News

4 weeks ago

A critical security vulnerability in Apache Tika has been discovered that allows attackers to compromise systems by uploading specially crafted PDF files. Organizations worldwide are urged to patch immediately. Apache Tika is a popular open-source toolkit used by thousands of organizations to extract text and metadata from documents, including PDFs, Word files, and images. Apache […]

The post Critical Apache Tika Core Vulnerability Exploited by Uploading Malicious PDF appeared first on Cyber Security News.

Abinaya

DragonForce

Dark Feed IO

4 weeks ago

You must login to view this content

cohenido

CVE-2025-64187 | OctoPrint up to 1.11.3 File cross site scripting (GHSA-crvm-xjhm-9h29)

Vuldb Updates

4 weeks ago

A vulnerability has been found in OctoPrint up to 1.11.3 and classified as problematic. The impacted element is an unknown function of the component File Handler. The manipulation leads to basic cross site scripting. This vulnerability is documented as CVE-2025-64187. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

vuldb.com

CVE-2025-64511 | 1Panel-dev MaxKB up to 2.3.0 Tool server-side request forgery (GHSA-9287-g7px-9rp4)

Vuldb Updates

4 weeks ago

A vulnerability has been found in 1Panel-dev MaxKB up to 2.3.0 and classified as critical. This impacts an unknown function of the component Tool Module. The manipulation leads to server-side request forgery. This vulnerability is listed as CVE-2025-64511. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

vuldb.com

CVE-2025-64703 | 1Panel-dev MaxKB up to 2.3.0 Tool information disclosure (GHSA-qwvm-x4xh-g2qq)

Vuldb Updates

4 weeks ago

A vulnerability was found in 1Panel-dev MaxKB up to 2.3.0. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Tool Module. This manipulation causes information disclosure. This vulnerability is registered as CVE-2025-64703. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-64717 | Zitadel up to 2.71.18/3.4.3/4.6.5 improper authentication (GHSA-j4g7-v4m4-77px)

Vuldb Updates

4 weeks ago

A vulnerability labeled as critical has been found in Zitadel up to 2.71.18/3.4.3/4.6.5. Impacted is an unknown function. The manipulation results in improper authentication. This vulnerability is known as CVE-2025-64717. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

vuldb.com

CVE-2025-59116 | JCD Windu CMS 4.1 observable response discrepancy

Vuldb Updates

4 weeks ago

A vulnerability described as problematic has been identified in JCD Windu CMS 4.1. This impacts an unknown function. Such manipulation leads to observable response discrepancy. This vulnerability is uniquely identified as CVE-2025-59116. The attack can be launched remotely. No exploit exists.

vuldb.com

CVE-2025-59113 | JCD Windu CMS 4.1 loginError excessive authentication

Vuldb Updates

4 weeks ago

A vulnerability marked as problematic has been reported in JCD Windu CMS 4.1. This affects an unknown function. This manipulation of the argument loginError causes improper restriction of excessive authentication attempts. This vulnerability is handled as CVE-2025-59113. The attack can be initiated remotely. There is not any exploit available.

vuldb.com

CVE-2025-59111 | JCD Windu CMS 4.1 authorization

Vuldb Updates

4 weeks ago

A vulnerability, which was classified as problematic, has been found in JCD Windu CMS 4.1. Affected by this issue is some unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is referenced as CVE-2025-59111. Remote exploitation of the attack is possible. No exploit is available.

vuldb.com

CVE-2025-59112 | JCD Windu CMS 4.1 POST Request cross-site request forgery

Vuldb Updates

4 weeks ago

A vulnerability, which was classified as problematic, was found in JCD Windu CMS 4.1. This affects an unknown part of the component POST Request Handler. The manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2025-59112. The attack can be executed remotely. There is not any exploit available.

vuldb.com

CVE-2025-59110 | JCD Windu CMS 4.1 cross-site request forgery

Vuldb Updates

4 weeks ago

A vulnerability was found in JCD Windu CMS 4.1. It has been classified as problematic. Impacted is an unknown function. Performing manipulation results in cross-site request forgery. This vulnerability is cataloged as CVE-2025-59110. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

Aggregator

Managed ad