Aggregator

CVE-2025-5107 | Fujian Kelixun 1.0 xml_cdr_details.php uuid sql injection

VulDB Recent Entries
8 months 4 weeks ago
A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_details.php. The manipulation of the argument uuid leads to sql injection. This vulnerability was named CVE-2025-5107. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-5106 | Fujian Kelixun 1.0 Filename /app/fax/fax_view.php fax_file os command injection

VulDB Recent Entries
8 months 4 weeks ago
A vulnerability was found in Fujian Kelixun 1.0. It has been classified as critical. This affects an unknown part of the file /app/fax/fax_view.php of the component Filename Handler. The manipulation of the argument fax_file leads to os command injection. This vulnerability is uniquely identified as CVE-2025-5106. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Akira

Dark Feed IO
8 months 4 weeks ago

You must login to view this content

cohenido

Akira

Dark Feed IO
8 months 4 weeks ago

You must login to view this content

cohenido

Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks

Security Affairs
8 months 4 weeks ago
A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy Cobalt Strike and VShell. Cisco Talos researchers attribute the exploitation of the CVE-2025-0994 in Trimble Cityworks to Chinese-speaking threat actor UAT-6382, based on tools and TTPs used in the intrusions. The vulnerability CVE-2025-0994 (CVSS v4 score of 8.6) is a […]
Pierluigi Paganini

使用 LLM 和嵌入模型进行技术识别与威胁行为者归因

Seebug Paper
8 months 4 weeks ago
作者:Kyla Guru, Robert J. Moss, Mykel J. Kochenderfer 译者:知道创宇404实验室翻译组 原文链接:https://arxiv.org/pdf/2505.11547v1 摘要 网络攻击的归因对于防御者来说是一个复杂但至关重要的挑战。目前,从密集的取证文档中手动提取行为指标会导致显著的归因延迟,尤其是在国际规模的重大事件之后。本研究评估了大型语言...

CVE-2025-5105 | TOZED ZLT W51 up to 1.4.2 Service Port 7777 heap inspection

VulDB Recent Entries
8 months 4 weeks ago
A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. This vulnerability is handled as CVE-2025-5105. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
8 months 4 weeks ago

On May 22, 2025, Commvault, a leading enterprise data backup provider, issued an urgent advisory regarding active cyber threat activity targeting its Metallic software-as-a-service (SaaS) application, which is hosted in the Microsoft Azure cloud environment. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that threat actors exploited a zero-day vulnerability (CVE-2025-3928) in Commvault’s web […]

The post CISA Alerts on Threat Actors Targeting Commvault Azure App to Steal Secrets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Anupriya

CVE-2025-48708 | Artifex Ghostscript up to 10.05.0 base/gslibctx.c gs_lib_ctx_stash_sanitized_arg improper removal of sensitive information before storage or transfer

VulDB Recent Entries
8 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in Artifex Ghostscript up to 10.05.0. Affected is the function gs_lib_ctx_stash_sanitized_arg of the file base/gslibctx.c. The manipulation leads to improper removal of sensitive information before storage or transfer. This vulnerability is traded as CVE-2025-48708. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-5098 | Mobile Dynamix PrinterShare Mobile Print App 12.15.01 on Android Gmail Authentication Token information disclosure

VulDB Recent Entries
8 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Mobile Dynamix PrinterShare Mobile Print App 12.15.01 on Android. This issue affects some unknown processing of the component Gmail Authentication Token Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2025-5098. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com

Managed ad