Aggregator

Microsoft 365 PDF Export Feature Vulnerable to LFI – Sensitive Data at Risk

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 days 11 hours ago

A critical security vulnerability in Microsoft 365’s PDF export functionality has been discovered and subsequently patched, highlighting significant risks to sensitive enterprise data. The vulnerability, which earned its discoverer a $3,000 bounty from Microsoft’s Security Response Center (MSRC), exposed a Local File Inclusion (LFI) attack vector that could potentially compromise confidential system information across multi-tenant […]

The post Microsoft 365 PDF Export Feature Vulnerable to LFI – Sensitive Data at Risk appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2025-49669 | Microsoft Windows Server 2008 R2 SP1 up to Server 2022 23H2 Routing/Remote Access Service heap-based overflow (EUVD-2025-20575)

Vuldb Updates
3 days 11 hours ago
A vulnerability has been found in Microsoft Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component Routing/Remote Access Service. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-49669. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-49657 | Microsoft Windows Server 2008 R2 SP1 up to Server 2022 23H2 Routing/Remote Access Service heap-based overflow (EUVD-2025-20648)

Vuldb Updates
3 days 11 hours ago
A vulnerability, which was classified as critical, has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component Routing/Remote Access Service. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-49657. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2023-6377 | X.org X11 Server up to 21.1.9 XKB Button Action out-of-bounds write (RHSA-2023:7886 / EUVD-2023-58618)

Vuldb Updates
3 days 11 hours ago
A vulnerability, which was classified as critical, has been found in X.org X11 Server up to 21.1.9. Affected by this issue is some unknown functionality of the component XKB Button Action Handler. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2023-6377. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-6478 | X.org X11 Server up to 21.1.9 Request out-of-bounds (RHSA-2023:7886 / EUVD-2023-58711)

Vuldb Updates
3 days 11 hours ago
A vulnerability, which was classified as problematic, was found in X.org X11 Server up to 21.1.9. This affects an unknown part of the component Request Handler. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2023-6478. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-6816 | X.org X11 Server up to 21.1.10 DeviceFocusEvent/the XIQueryPointer heap-based overflow (RHSA-2024:0320 / EUVD-2023-59026)

Vuldb Updates
3 days 11 hours ago
A vulnerability, which was classified as critical, has been found in X.org X11 Server up to 21.1.10. Affected by this issue is the function DeviceFocusEvent/the XIQueryPointer. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2023-6816. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-7378 | ASUSTOR ADM up to 4.0 NAS Configuration File input validation (EUVD-2025-20789)

Vuldb Updates
3 days 11 hours ago
A vulnerability classified as problematic has been found in ASUSTOR ADM up to 4.0. This affects an unknown part of the component NAS Configuration File Handler. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2025-7378. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2013-5795 | Oracle Demantra Demand Management up to 12.2.3 DM Others information disclosure (EDB-31995 / SBV-42916)

Vuldb Updates
3 days 12 hours ago
A vulnerability was found in Oracle Demantra Demand Management up to 12.2.3. It has been declared as problematic. This vulnerability affects unknown code of the component DM Others. The manipulation leads to information disclosure. This vulnerability was named CVE-2013-5795. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

Hg Purchases A-Lign to Accelerate Cyber Compliance Growth

Ransomware DataBreachToday.com
3 days 12 hours ago
Cybersecurity Compliance Vendor A-Lign Plans Global Expansion With Backing From Hg
Cybersecurity compliance firm A-LIGN has received a majority investment from Hg, a top tech-focused private equity firm. The deal supports A-LIGN's global ambitions to deliver SOC 2 and other compliance audits and leverages Hg’s expertise in scaling data and AI-driven services.

Chinese Data Leak Reveals Salt Typhoon Contractors

Ransomware DataBreachToday.com
3 days 12 hours ago
China's Hack-For-Hire Scene Disgorges Another Leak
The Chinese nation-state threat actor tracked as Salt Typhoon is operated by a clutch of private firms whose clients include multiple Chinese government agencies, finds analysis of leaked data by Spy Cloud. Researchers found a spreadsheet listing buyers, sellers and financial transaction details.

How To Automate Ticket Creation, Device Identification and Threat Triage With Tines

The Hackers News
3 days 12 hours ago
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform’s Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at
The Hacker News

Managed ad