Aggregator

A vulnerability has been found in Red Hat OpenShift Service Mesh 2.5.6/2.6.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Envoy Header Hander. The manipulation leads to injection. This vulnerability is known as CVE-2025-0754. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in git-lfs Git LFS up to 3.6.0. It has been classified as critical. Affected is an unknown function of the component URL Handler. The manipulation leads to injection. This vulnerability is traded as CVE-2024-53263. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Cacti up to 1.2.28. Affected is an unknown function of the component Setting Handler. The manipulation of the argument Poller Standard Error Log Path leads to path traversal. This vulnerability is traded as CVE-2024-45598. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in IBM OpenPages with Watson 8.3/9.0. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-37527. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in IBM Storage Defender up to 2.0.7. This vulnerability affects unknown code of the component defender-sensor-cmd CLI. The manipulation leads to missing encryption of sensitive data. This vulnerability was named CVE-2024-38325. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through 9.7.0. The issue, classified as a Relative Path Traversal vulnerability, exposes Solr instances running on Windows to potential risks of arbitrary file path manipulation and write-access. Tracked as SOLR-17543, this vulnerability could permit attackers to exploit the “configset upload” API through […]

The post Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic has been found in IBM Storage Protect for Virtual Environments: Data Protection for VMware and Storage Protect Backup-Archive Client up to 8.1.23.0. This affects an unknown part. The manipulation leads to risky cryptographic algorithm. This vulnerability is uniquely identified as CVE-2024-38320. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

IntelBroker, EnergyWeaponUser, and Alex218 Claim to have Leaked the Data of Asia Recruit Malaysia

A Threat Actor Claims to have Leaked the Data of Lyca Mobile France

祥龙跃海辞旧岁，金蛇纳福启新程。

Фрэнсис Хоуксби первым понял, что слепая вера - не гарантия выздоровления.

Author/Presenter: Lacey Harbour

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – 3DU Homo ex Machina appeared first on Security Boulevard.

今日暂未更新资讯~
更多最新文章，请访问SecWiki

A Threat Actor Claims to have Leaked the Data of Atlas Pakistan (Pvt.) Ltd

A cybersecurity researcher recently disclosed several critical vulnerabilities affecting Git-related projects, revealing how improper handling of credential protocols can lead to sensitive data leaks. From GitHub Desktop to Git Credential Manager and Git LFS, these issues were uncovered during a routine bug-hunting session for the GitHub Bug Bounty program, resulting in the assignment of multiple […]

The post GitHub Vulnerability Exposes User Credentials via Malicious Repositories appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers from IIT Kharagpur and Intel Corporation have identified a significant security vulnerability in Intel Trust Domain Extensions (TDX), a foundational technology designed to ensure robust isolation between virtual machines (VMs) in secure environments. The study reveals that hardware performance counters (HPCs), meant for performance monitoring, can be exploited by Virtual Machine Managers (VMMs) to […]

The post Critical Isolation Vulnerability in Intel Trust Domain Extensions Exposes Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

WOLF CYBER ARMY Defaced Multiple Websites

A Threat Actor Claims to be Selling Access to a U.S.-Based E-commerce Website