Aggregator

CVE-2025-7326 | Microsoft .AspNetCore.App.Runtime.osx-x64 up to 6.0.36 weak authentication (EUVD-2025-20507)

Vuldb Updates
1 week 4 days ago
A vulnerability, which was classified as critical, has been found in Microsoft ASP.NET Core, .AspNetCore.Identity, .AspNetCore.App.Runtime.win-arm, .AspNetCore.App.Runtime.win-arm64, .AspNetCore.App.Runtime.win-x64, .AspNetCore.App.Runtime.win-x86, .AspNetCore.App.Runtime.linux-arm, .AspNetCore.App.Runtime.linux-arm64, .AspNetCore.App.Runtime.linux-musl-arm, .AspNetCore.App.Runtime.linux-musl-arm64, .AspNetCore.App.Runtime.linux-musl-x64, .AspNetCore.App.Runtime.linux-x64, .AspNetCore.App.Runtime.osx-arm64 and .AspNetCore.App.Runtime.osx-x64 up to 6.0.36. Affected by this issue is some unknown functionality. The manipulation leads to weak authentication. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-7326. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2024-55599 | Fortinet FortiOS/FortiProxy DNS Filter security check (FG-IR-24-053 / Nessus ID 241531)

Vuldb Updates
1 week 4 days ago
A vulnerability has been found in Fortinet FortiOS and FortiProxy and classified as problematic. Affected by this vulnerability is an unknown functionality of the component DNS Filter. The manipulation leads to security check for standard. This vulnerability is known as CVE-2024-55599. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

乐观主义者是相似的但悲观主义者是不同的

Solidot
1 week 4 days ago
列夫·托尔斯泰(Leo Tolstoy)在《安娜·卡列尼娜》的开场白中写道:“幸福的家庭都是相似的,不幸的家庭各有各的不幸。”研究乐观主义和悲观主义的神经学家发现了一个类似的现象:在想象未来事件时,乐观主义者大脑一个关键区域的活动模式都是相似的;而悲观主义者的大脑活动模式各有各的不同。研究报告发表在 PNAS 期刊上。研究人员让参与者想象未来发生在自己或配偶身上的特定事件,同时使用 fMRI 对他们的大脑进行扫描。想象的事件部分是积极的,部分中性或消极。研究团队之后让参与者填写问卷以确定其乐观或悲观程度。他们进行了两次研究,一次参与者有 37 人,另一次 50 人。研究人员针对了一个在想象未来事件时特别活跃的区域:前额叶内侧皮质。对于结果,研究人员认为一个人可能有很多不同的方式变得悲观,而乐观者倾向于对充满希望的未来共享心智模式(Shared mental models)。

CVE-2005-3639 | Ubertec Help Center Live up to 2.0.2 File path traversal (EDB-26502 / Nessus ID 20223)

Vuldb Updates
1 week 4 days ago
A vulnerability, which was classified as problematic, was found in Ubertec Help Center Live up to 2.0.2. This affects an unknown part. The manipulation of the argument File leads to path traversal. This vulnerability is uniquely identified as CVE-2005-3639. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-34511 | Sitecore Experience Manager/Experience Platform up to 7.0 Powershell Extension unrestricted upload (EUVD-2025-18568)

Vuldb Updates
1 week 4 days ago
A vulnerability classified as critical was found in Sitecore Experience Manager and Experience Platform up to 7.0. Affected by this vulnerability is an unknown functionality of the component Powershell Extension. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-34511. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-34509 | Sitecore Experience Manager/Experience Platform 10.1.4/10.3.3/10.4.1 Administrative API hard-coded credentials (EUVD-2025-18524)

Vuldb Updates
1 week 4 days ago
A vulnerability was found in Sitecore Experience Manager and Experience Platform 10.1.4/10.3.3/10.4.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Administrative API. The manipulation leads to hard-coded credentials. This vulnerability is handled as CVE-2025-34509. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-20279 | Cisco Unified Contact Center Express up to 12.5(1)_SU03_ES06 Web-based Management Interface cross site scripting (cisco-sa-uccx-multi-UhOTvPGL / EUVD-2025-16885)

Vuldb Updates
1 week 4 days ago
A vulnerability, which was classified as problematic, was found in Cisco Unified Contact Center Express. Affected is an unknown function of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-20279. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-20275 | Cisco Unified Contact Center Express up to 12.5(1)_SU03_ES06 aef File deserialization (cisco-sa-uccx-editor-rce-ezyYZte8 / EUVD-2025-16888)

Vuldb Updates
1 week 4 days ago
A vulnerability has been found in Cisco Unified Contact Center Express and classified as critical. Affected by this vulnerability is an unknown functionality of the component aef File Handler. The manipulation leads to deserialization. This vulnerability is known as CVE-2025-20275. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-20130 | Cisco Identity Services Engine Software 2.7.0 p8 up to 3.2.0 p6 API access control (cisco-sa-ise-file-upload-P4M8vwXY / EUVD-2025-16893)

Vuldb Updates
1 week 4 days ago
A vulnerability was found in Cisco Identity Services Engine Software. It has been declared as critical. This vulnerability affects unknown code of the component API. The manipulation leads to improper access controls. This vulnerability was named CVE-2025-20130. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-20276 | Cisco Unified Contact Center Express up to 12.5(1)_SU03_ES06 Web-based Management Interface deserialization (cisco-sa-uccx-multi-UhOTvPGL / EUVD-2025-16887)

Vuldb Updates
1 week 4 days ago
A vulnerability classified as problematic has been found in Cisco Unified Contact Center Express. This affects an unknown part of the component Web-based Management Interface. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-20276. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-20277 | Cisco Unified Contact Center Express up to 12.5(1)_SU03_ES06 Web-based Management Interface path traversal (cisco-sa-uccx-multi-UhOTvPGL / EUVD-2025-16886)

Vuldb Updates
1 week 4 days ago
A vulnerability classified as critical was found in Cisco Unified Contact Center Express. This vulnerability affects unknown code of the component Web-based Management Interface. The manipulation leads to path traversal. This vulnerability was named CVE-2025-20277. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

INC

Dark Feed IO
1 week 4 days ago

You must login to view this content

cohenido

Scavenger Malware Compromises Popular npm Packages to Target Developers

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 week 4 days ago

The well-known npm package eslint-config-prettier was released without authorization, according to several GitHub users, even though its repository did not contain any corresponding code changes. The maintainer later confirmed via social media that their npm account was compromised through a phishing email, affecting several packages including eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7; eslint-plugin-prettier versions […]

The post Scavenger Malware Compromises Popular npm Packages to Target Developers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad