Aggregator

Tips to help you purchase items safely and avoid fraudulent websites.

A vulnerability labeled as critical has been found in QNAP License Center 1.8.51. The impacted element is an unknown function. Executing manipulation can lead to os command injection. This vulnerability is handled as CVE-2024-48863. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability classified as critical has been found in AcademySoftwareFoundation OpenEXR up to 3.2.4/3.3.5/3.4.2. The affected element is the function PyObject_StealAttrString of the file pyOpenEXR_old.cpp of the component EXR File Parser. The manipulation leads to use after free. This vulnerability is traded as CVE-2025-64183. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in AcademySoftwareFoundation OpenEXR up to 3.3.5/3.4.2. The impacted element is the function openexr_exrcheck_fuzzer of the component EXR File Parser. The manipulation results in use of uninitialized variable. This vulnerability is known as CVE-2025-64181. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Sandi Verdev Watermark RELOADED Plugin up to 1.3.5 on WordPress. It has been classified as problematic. Impacted is an unknown function. Performing manipulation results in cross-site request forgery. This vulnerability is identified as CVE-2024-27195. The attack can be initiated remotely. There is not any exploit available.

This issue looks like a false-positive. Please review the listed sources and think about not using this entry.

A vulnerability identified as problematic has been detected in Absolute Secure Access up to 14.11. This vulnerability affects unknown code of the component Packet Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-59595. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

A vulnerability classified as critical was found in Advantech iView 5.7.03.6112/5.7.03.6182. This affects an unknown function of the component SNMP Management Tool. Such manipulation of the argument search_term leads to sql injection. This vulnerability is traded as CVE-2022-50593. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Redis up to 8.2.2 and classified as critical. This affects an unknown function of the component XACKDEL Command Handler. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-62507. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

Advice for those concerned a device has been infected.

Researchers have confirmed more than 30 affected organizations tied to the React2Shell bug that emerged last week.

A vulnerability was found in Ilevia EVE X1 Server up to 4.6.5.0.eden. It has been classified as critical. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command injection. This vulnerability is handled as CVE-2025-14276. The attack can be initiated remotely. Additionally, an exploit exists. Upgrading the affected component is recommended. The vendor confirms the issue and recommends: "We already know that issue and on most devices are already solved, also it’s not needed to open the port to outside world so we advised our customer to close it".

A step by step guide to recovering online accounts.

How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals.

A vulnerability was found in usememos memos 0.25.2 and classified as critical. This issue affects some unknown processing of the component Reaction Handler. The manipulation results in improper access controls. This vulnerability is known as CVE-2025-65796. It is possible to launch the attack remotely. No exploit is available. Applying a patch is advised to resolve this issue.

Submit #702649 / VDB-334802

Alleged Unauthorized Access to Packagist Accounts

A vulnerability has been found in PowerDNS up to 5.1.8/5.2.6/5.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-59030. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.