Aggregator

A vulnerability was found in Microsoft Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Telephony Service. The manipulation leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-27481. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows Server 2016/Server 2019/Server 2022/Server 2022 23H2/Server 2025. It has been rated as critical. Affected by this issue is some unknown functionality of the component Remote Desktop Services. The manipulation leads to sensitive data storage in improperly locked memory. This vulnerability is handled as CVE-2025-27482. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows up to Server 2019. This affects an unknown part of the component NTFS. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-27483. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows. This vulnerability affects unknown code of the component UPnP Device Host. The manipulation leads to sensitive data storage in improperly locked memory. This vulnerability was named CVE-2025-27484. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Tracker Software PDF-XChange Editor. This affects an unknown part of the component RTF File Parser. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-2231. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. This vulnerability was named CVE-2025-2709. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The identification of this vulnerability is CVE-2025-2710. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of the file /app-api/infra/file/upload of the component Front-End Store Interface. The manipulation of the argument path leads to path traversal. This vulnerability is handled as CVE-2025-2707. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File Upload Interface. The manipulation of the argument path leads to path traversal. This vulnerability is uniquely identified as CVE-2025-2708. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Google发布Gemini CLI工具，支持通过终端访问其AI模型，免费提供每天1000次请求。文章介绍了在Android设备上安装Gemini CLI的方法，并解决Google认证问题，提供两种解决方案：使用调试模式手动登录或借助Termux:API自动触发浏览器登录。

《The Alters》是一款由11 Bit Studios开发的科幻生存建造游戏。玩家扮演太空采矿者扬·道尔斯基，在孤零零的外星地表上通过矿物复制出不同职业的“分身”，组成团队采矿并解决基地运转问题。游戏中，“分身”们各有性格需求与反叛情绪，玩家需平衡团队关系并面对公司利益斗争与道德抉择。游戏结合建造、探索与互动玩法，在多重人生交织中探讨领导力与生存意义。

In today’s digital-first business landscape, advanced endpoint security is not just a luxury it’s a necessity. As organizations expand their operations across cloud, remote, and hybrid environments, every endpoint becomes a potential target for cybercriminals. From sophisticated ransomware to zero-day exploits, the threats are evolving at an unprecedented pace. Selecting the right endpoint security tool […]

The post 10 Best Advanced Endpoint Security Tools – 2025 appeared first on Cyber Security News.

Barracuda Networks launched Barracuda Entra ID Backup Premium – a comprehensive, cost-effective solution to safeguard Microsoft Entra ID environments from accidental and malicious data loss. With fast, reliable recovery of vital identity data, the new offering strengthens cyber resilience and helps ensure secure, uninterrupted access to business applications and services. Seamlessly integrated with the BarracudaONE platform, Barracuda Entra ID Backup Premium provides users with centralized visibility into backup status, data health and storage insights through … More →

The post Barracuda protects Microsoft Entra ID environment from data loss appeared first on Help Net Security.

For the first time in 2025, Microsoft's Patch Tuesday updates did not bundle fixes for exploited security vulnerabilities, but the company acknowledged one of the addressed flaws had been publicly known. The patches resolve a whopping 130 vulnerabilities, along with 10 other non-Microsoft CVEs that affect Visual Studio, AMD, and its Chromium-based Edge browser. Of these, 10 are rated Critical

微软在2025年7月的Patch Tuesday更新中修复了130个漏洞,其中包括一个公开已知的信息泄露漏洞(CVE-2025-49719)和多个高危远程代码执行漏洞(CVE-2025-47981等),部分漏洞可能被用于蠕虫攻击。此外,Adobe、AMD等多家厂商也发布了安全更新,SQL Server 2012正式结束支持。

A vulnerability, which was classified as critical, has been found in Microsoft Visual Studio Code. This issue affects some unknown processing of the component Python Extension. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2020-1192. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Visual Studio Code. This affects an unknown part of the component Python Extension. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2020-1171. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in IBM Maximo Application Suite 8.10/8.11/9.0. Affected is an unknown function of the component Monitor. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is traded as CVE-2024-38314. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Maximo Application Suite 8.10.11/8.11.8/9.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Monitor. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-35146. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Maximo Application Suite 8.10.10/8.11/7 9.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component Monitor. The manipulation leads to sql injection. This vulnerability is handled as CVE-2024-35148. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.