Aggregator

A vulnerability classified as critical was found in Oracle MySQL Server up to 8.0.42/8.4.5/9.3.0. This vulnerability affects unknown code of the component Optimizer. The manipulation leads to improper authorization. This vulnerability was named CVE-2025-50083. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Oracle Server up to 8.0.42/8.4.5/9.3.0. This issue affects some unknown processing of the component Optimizer. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-50084. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Oracle MySQL Server up to 8.0.42/8.4.5/9.3.0. Affected is an unknown function of the component InnoDB. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-50085. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Oracle MySQL Server up to 8.0.42/8.4.5/9.3.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Components Service. The manipulation leads to improper authorization. This vulnerability is known as CVE-2025-50086. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Cluster and MySQL Server up to 7.6.34/8.0.42/8.4.5/9.3.0 and classified as critical. Affected by this issue is some unknown functionality of the component Optimizer. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-50087. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle MySQL Cluster and MySQL Client up to 7.6.34/8.0.42/8.4.5/9.3.0 and classified as critical. Affected by this issue is some unknown functionality of the component Mysqldump. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-50081. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Hackers abused fake GitHub accounts to spread Emmenhtal, Amadey, Lumma and Redline infoStealers in attacks linked to a phishing campaign targeting Ukraine in early 2025.

Квантовому навигатору не страшны войны, глушилки и космос.

At the upcoming Black Hat USA 2025 in Las Vegas, Stellar Cyber will debut its Identity Threat Detection & Response (ITDR) capabilities, fully embedded into its open, unified, AI-driven SecOps platform. See Identity Threat Detection & Response (ITDR) capabilities in action at Booth 5642, August 2–7, 2025, or book your meeting here. ITDR marks a step forward on the journey to a human-augmented autonomous SOC, empowering security teams with identity-centric visibility and control—without requiring yet … More →

The post Stellar Cyber enhances identity security with ITDR capabilities appeared first on Help Net Security.

A vulnerability was found in Samsung Members 2.4.25/3.9.10.11/4.2.005. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to path traversal: '.../...//'. The identification of this vulnerability is CVE-2025-20949. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Samsung Notes up to 4.4.26.71. Affected is an unknown function. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-20976. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mitsubishi Electric PV-DR004J and PV-DR004JA. It has been rated as critical. Affected by this issue is some unknown functionality of the component Communication Handler. The manipulation leads to weak password requirements. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-5022. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Mitsubishi Electric PV-DR004J and PV-DR004JA. This affects an unknown part. The manipulation leads to hard-coded credentials. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-5023. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Alteryx Server 2023.1.1.460. It has been rated as critical. This issue affects some unknown processing of the component Local Storage. The manipulation leads to manage user sessions. The identification of this vulnerability is CVE-2025-28244. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Madara Plugin up to 2.2.3 on WordPress. It has been classified as problematic. Affected is the function wp_manga_delete_zip. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-7712. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in UNIMAX Hospital Information System up to 2024.1.2.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-7735. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. This vulnerability is known as CVE-2025-7729. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.

A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. This vulnerability is traded as CVE-2025-7728. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.

A vulnerability, which was classified as problematic, has been found in Alteryx Server 2023.1.1.460. Affected by this issue is some unknown functionality of the component Notification Body Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-28245. The attack may be launched remotely. There is no exploit available.