Aggregator

A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of the file /app-api/infra/file/upload. The manipulation of the argument path leads to path traversal. This vulnerability is handled as CVE-2025-2707. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Digiwin ERP 5.0.1. Affected by this vulnerability is an unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx. The manipulation of the argument File leads to unrestricted upload. This vulnerability is known as CVE-2025-2706. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in Digiwin ERP 5.1. Affected is the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument File leads to unrestricted upload. This vulnerability is traded as CVE-2025-2705. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #517030 / VDB-300729

Submit #517029 / VDB-300728

A critical flaw in the Next.js React framework could be exploited to bypass authorization checks under certain conditions. Maintainers of Next.js React framework addressed a critical vulnerability tracked as CVE-2025-29927 (CVSS score of 9.1) with the release of versions versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3. “Next.js version 15.2.3 has been released to address a security vulnerability […]

Submit #516293 / VDB-300727

Submit #516292 / VDB-300726

Submit #516291 / VDB-300726

SOCs without AI aren't just behind the curve — they're fundamentally outmatched in the asymmetric battle against sophisticated threat actors.

The post Evaluating AI for Security Operations appeared first on Security Boulevard.

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a

NASA хочет превратить наш спутник в обсерваторию невиданных масштабов.

关键词网络攻击涉及 GitHub Action“tj-actions/changed-files”的供应链攻击

关键词恶意软件网络安全研究人员近日发现，犯罪团伙正在滥用微软的可信签名服务（Microsoft Trusted

关键词安全漏洞Fit2Cloud 开发的开源特权访问管理 (PAM) 工具 JumpServer 中发现一系列

关键词安全漏洞近期，一个影响macOS系统的严重漏洞被曝光，引发了网络安全专家和用户的广泛关注。

If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don’t prioritize strong password security. However, balancing security and usability doesn’t have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This article

Google has recently rolled out a critical security update for its Chrome browser, addressing vulnerabilities that could potentially allow attackers to execute arbitrary code. This update is part of a broader effort to ensure user safety in an increasingly threat-ridden digital landscape. The latest version, 134.0.6998.117/.118, is being rolled out across Windows, Mac, and Linux […]

The post Critical Chrome Vulnerability Allows Attackers to Execute Arbitrary Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.