Aggregator

CVE-2025-6335 | DedeCMS up to 5.7.2 Template dedetag.class.php notes command injection

Vuldb Updates
9 months 4 weeks ago
A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The manipulation of the argument notes leads to command injection. The identification of this vulnerability is CVE-2025-6335. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

Grafana Flaws Allow User Redirection and Code Execution in Dashboards

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 4 weeks ago

Grafana Labs has released critical security patches addressing two significant vulnerabilities that could enable attackers to redirect users to malicious websites and execute arbitrary code within dashboard environments. The security update addresses CVE-2025-6023, a high-severity cross-site scripting (XSS) vulnerability, and CVE-2025-6197, a medium-severity open redirect flaw, both discovered through the company’s bug bounty program. Critical […]

The post Grafana Flaws Allow User Redirection and Code Execution in Dashboards appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Threat Actors Weaponizing GitHub Accounts To Host Payloads, Tools and Amadey Malware Plug-Ins

Cyber Security News
9 months 4 weeks ago

A sophisticated Malware-as-a-Service operation has emerged that exploits the trusted GitHub platform to distribute malicious payloads, representing a significant evolution in cybercriminal tactics. The operation leverages fake GitHub accounts to host an arsenal of malware tools, plugins, and payloads, capitalizing on GitHub’s widespread corporate acceptance to bypass traditional web filtering mechanisms. The malicious campaign targets […]

The post Threat Actors Weaponizing GitHub Accounts To Host Payloads, Tools and Amadey Malware Plug-Ins appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2025-7807 | Tenda FH451 1.0.0.9 /goform/SafeUrlFilter fromSafeUrlFilter Go/page stack-based overflow (EUVD-2025-21934)

VulDB Recent Entries
9 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-7807. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7806 | Tenda FH451 1.0.0.9 /goform/SafeClientFilter fromSafeClientFilter Go/page stack-based overflow (EUVD-2025-21935)

VulDB Recent Entries
9 months 4 weeks ago
A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. This vulnerability was named CVE-2025-7806. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7805 | Tenda FH451 1.0.0.9 /goform/PPTPUserSetting fromPptpUserSetting delno stack-based overflow (EUVD-2025-21933)

VulDB Recent Entries
9 months 4 weeks ago
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-7805. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-53057 | Linux Kernel up to 6.11.6 qdisc_tree_reduce_backlog iteration (Nessus ID 211777 / WID-SEC-2024-3509)

Vuldb Updates
9 months 4 weeks ago
A vulnerability classified as critical was found in Linux Kernel up to 6.11.6. Affected by this vulnerability is the function qdisc_tree_reduce_backlog. The manipulation leads to excessive iteration. This vulnerability is known as CVE-2024-53057. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Microsoft Defender for Office 365 Launches New Dashboard for Enhanced Threat Vector Insights

Cyber Security News
9 months 4 weeks ago

Microsoft today announced the rollout of a revamped customer dashboard in Microsoft Defender for Office 365, designed to deliver unprecedented insights across a broad spectrum of attack vectors.  The new interface gives security teams real-time visibility into threats blocked before delivery, malicious content remediated post-delivery, and even “missed” incidents, all without sacrificing privacy or performance.  […]

The post Microsoft Defender for Office 365 Launches New Dashboard for Enhanced Threat Vector Insights appeared first on Cyber Security News.

Kaaviya

微信安全漏洞复现:无感执行远程代码

火绒安全实验室
9 months 4 weeks ago
近日,微信安全漏洞:目录穿越造成RCE(远程代码执行)在网络传播较为广泛,引起热议。微信3.9及以下版本均存在此问题,建议及时从微信官网下载最新版本进行安装。火绒最新版本病毒库已实现相关防护,请广大用户及时升级火绒病毒库。

Ubiquiti UniFi Vulnerability Lets Hackers Inject Malicious Commands

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 4 weeks ago

A critical security vulnerability has been discovered in Ubiquiti’s UniFi Access devices that could allow malicious actors to inject and execute arbitrary commands on affected systems. The vulnerability, designated as CVE-2025-27212, affects multiple UniFi Access products and carries a maximum CVSS score of 9.8, indicating its severe nature and potential for widespread exploitation. Vulnerability Details […]

The post Ubiquiti UniFi Vulnerability Lets Hackers Inject Malicious Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Akira

Dark Feed IO
9 months 4 weeks ago

You must login to view this content

cohenido

CVE-2024-50304 | Linux Kernel up to 6.11.6 net/ipv4/ip_tunnel.c ip_tunnel_find stack-based overflow (f20fe2cfe06c/90e0569dd3d3 / Nessus ID 215144)

Vuldb Updates
9 months 4 weeks ago
A vulnerability was found in Linux Kernel up to 6.11.6 and classified as critical. Affected by this issue is the function ip_tunnel_find of the file net/ipv4/ip_tunnel.c. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-50304. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad