Aggregator

CVE-2025-52901 | filebrowser up to 2.33.8 get request method with sensitive query strings (EUVD-2025-19581)

Vuldb Updates
2 weeks 2 days ago
A vulnerability has been found in filebrowser up to 2.33.8 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to use of get request method with sensitive query strings. This vulnerability was named CVE-2025-52901. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-52996 | filebrowser up to 2.32.0 Password Protected Link authentication bypass (EUVD-2025-19579)

Vuldb Updates
2 weeks 2 days ago
A vulnerability, which was classified as problematic, was found in filebrowser up to 2.32.0. This affects an unknown part of the component Password Protected Link Handler. The manipulation leads to authentication bypass by primary weakness. This vulnerability is uniquely identified as CVE-2025-52996. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-20298 | Splunk Universal Forwarder up to 9.1.8/9.2.5/9.3.3/9.4.1 on Windows SplunkUniversalForwarder permission assignment (SVD-2025-0602 / EUVD-2025-16672)

Vuldb Updates
2 weeks 2 days ago
A vulnerability was found in Splunk Universal Forwarder up to 9.1.8/9.2.5/9.3.3/9.4.1 on Windows. It has been rated as critical. This issue affects some unknown processing of the file C:\Program Files\SplunkUniversalForwarder. The manipulation leads to incorrect permission assignment. The identification of this vulnerability is CVE-2025-20298. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-52597 | Bubka 2FAuth up to 5.4.0 SVG File cross site scripting (GHSA-q5p4-6q4v-gqg3)

Vuldb Updates
2 weeks 2 days ago
A vulnerability was found in Bubka 2FAuth up to 5.4.0. It has been rated as problematic. This issue affects some unknown processing of the component SVG File Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-52597. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Surge in Threat Actor Exploitation Attempts Serves as Early Warning of Emerging Cyber Vulnerabilities

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 weeks 2 days ago

Researchers have discovered a continuous relationship between increases in threat actor activity and the eventual disclosure of new Common Vulnerabilities and Exposures (CVEs) in corporate edge technologies, according to a groundbreaking report published by GreyNoise, Inc. The study, spanning data from September 2024 onward, leverages GreyNoise’s Global Observation Grid (GOG) to monitor daily unique IP […]

The post Surge in Threat Actor Exploitation Attempts Serves as Early Warning of Emerging Cyber Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Play

Dark Feed IO
2 weeks 2 days ago

You must login to view this content

cohenido

Play

Dark Feed IO
2 weeks 2 days ago

You must login to view this content

cohenido

Play

Dark Feed IO
2 weeks 2 days ago

You must login to view this content

cohenido

Play

Dark Feed IO
2 weeks 2 days ago

You must login to view this content

cohenido

Ransomware Attack on Phone Repair and Insurance Company Cause Millions in Damage

Cyber Security News
2 weeks 2 days ago

The sudden emergence of the Royal ransomware in early 2023 marked a significant escalation in cyber threats targeting service providers across Europe. Exploiting unpatched VPN and remote-desktop gateways, attackers initiated brute-force and credential-stuffing campaigns to breach perimeter defenses. Once inside, the malware deployed a custom encryption engine that leveraged AES-256 for file encryption and RSA-4096 […]

The post Ransomware Attack on Phone Repair and Insurance Company Cause Millions in Damage appeared first on Cyber Security News.

Tushar Subhra Dutta

Claude Vulnerabilities Let Attackers Execute Unauthorized Commands With its Own Help

Cyber Security News
2 weeks 2 days ago

Two high-severity vulnerabilities in Anthropic’s Claude Code could allow attackers to escape restrictions and execute unauthorized commands. Most remarkably, Claude itself unwittingly assisted in developing the exploits used against its own security mechanisms. The vulnerabilities uncovered by Elad Beber from Cymulate, CVE-2025-54794 and CVE-2025-54795, demonstrate how AI systems’ analytical capabilities can be turned against their […]

The post Claude Vulnerabilities Let Attackers Execute Unauthorized Commands With its Own Help appeared first on Cyber Security News.

Guru Baran

CVE-2025-51534 | Austrian Archaeological Institute OpenAtlas 8.11.0 Name cross site scripting

VulDB Recent Entries
2 weeks 2 days ago
A vulnerability was found in Austrian Archaeological Institute OpenAtlas 8.11.0. It has been classified as problematic. This affects an unknown part. The manipulation of the argument Name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-51534. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Managed ad