Aggregator

A vulnerability, which was classified as critical, was found in Buffalo LS520D 4.53. This affects an unknown part of the component NAS Web UI. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-26167. The attack needs to be approached within the local network. There is no exploit available.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-03-07, 62 days ago. The vendor is given until 2025-07-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'MICHAEL RANDRIANANTENAINA [https://elkamika.blogspot.com/]' was reported to the affected vendor on: 2025-03-07, 54 days ago. The vendor is given until 2025-07-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-03-07, 62 days ago. The vendor is given until 2025-07-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-03-07, 67 days ago. The vendor is given until 2025-07-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-03-07, 69 days ago. The vendor is given until 2025-07-05 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

​在当下复杂且变幻莫测的网络安全形势中，一个名为 Anubis 的全新勒索软件组织已强势登场，迅速成为网络安全领域里令人瞩目的重大威胁。

YouTube 发出警告，称诈骗者正利用人工智能生成的该公司首席执行官视频实施网络钓鱼攻击，目的是窃取创作者的登录凭证。

A vulnerability, which was classified as critical, has been found in PublicCMS 4.0.202406. Affected by this issue is some unknown functionality of the file /cms/CmsWebFileAdminController.java of the component File Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-25361. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Collabora Online up to 22.05.24/23.05.18. Affected by this vulnerability is an unknown functionality. The manipulation leads to inclusion of functionality from untrusted control sphere. This vulnerability is known as CVE-2025-24796. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in ZTE MU5120 5.4.9 on iOS. Affected is an unknown function of the component WiFi Service. The manipulation of the argument WiFi leads to risky cryptographic algorithm. This vulnerability is traded as CVE-2025-26708. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in NocoDB up to 0.257.x. It has been rated as problematic. This issue affects the function renderPasswordReset of the file /api/v1/db/auth/password/reset/ of the component API Endpoint. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-27506. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intermesh groupoffice up to 6.8.99. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument Name leads to cross site scripting. This vulnerability was named CVE-2025-25191. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in labring FastGPT up to 4.8.x. It has been classified as critical. This affects an unknown part. The manipulation leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-27600. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in SixLabors ImageSharp up to 2.1.9/3.1.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GIF Decoder. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-27598. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Netsweeper Server up to 8.2.6 and classified as critical. Affected by this issue is some unknown functionality of the component Account Management Interface. The manipulation of the argument Account Owner leads to improper authorization. This vulnerability is handled as CVE-2025-25497. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in fleetdm fleet up to 4.58.0/4.62.3/4.63.1/4.64.1. Affected is an unknown function. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-27509. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Envoy Proxy up to 1.2.6/1.3.0. This issue affects some unknown processing. The manipulation leads to improper output neutralization for logs. The identification of this vulnerability is CVE-2025-25294. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Samsung Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930 and W1000. This vulnerability affects the function STOP_KEEP_ALIVE_OFFLOAD. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-50600. The attack needs to be done within the local network. There is no exploit available.

В тени популярных библиотек затаился хакер, жаждущий ваших цифровых активов.