Aggregator

A vulnerability, which was classified as problematic, has been found in Discourse up to beta 3.4.0.beta3/stable 3.3.3/tests-passed 3.4.0.beta3. This affects an unknown function of the component Video Placeholder. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-22602. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability classified as critical has been found in HubSpot jinjava up to 2.8.0. Affected by this issue is the function mapper.getTypeFactory.constructFromCanonical of the component Jinja Template Handler. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is listed as CVE-2025-59340. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Discourse up to 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b. Affected by this issue is some unknown functionality. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2025-46813. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. The impacted element is the function formSysCmd. This manipulation of the argument submit-url causes buffer overflow. This vulnerability appears as CVE-2025-55602. The attack may be initiated remotely. There is no available exploit.

A vulnerability identified as critical has been detected in Tenda AX3 16.03.12.10_CN. This affects the function fromAdvSetMacMtuWan. This manipulation of the argument serverName causes buffer overflow. The identification of this vulnerability is CVE-2025-55606. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability marked as critical has been reported in D-Link DIR-619L 2.06B01. This issue affects the function formWlanSetup. Performing manipulation of the argument f_wds_wepKey results in buffer overflow. This vulnerability is identified as CVE-2025-55599. The attack can be initiated remotely. There is not any exploit available.

A vulnerability classified as critical has been found in Tenda AX3 16.03.12.10_CN. The affected element is the function fromSetSysTime. The manipulation of the argument ntpServer leads to buffer overflow. This vulnerability is listed as CVE-2025-55603. The attack may be initiated remotely. There is no available exploit.

A vulnerability categorized as critical has been discovered in Tenda AX3 16.03.12.10_CN. This issue affects the function saveParentControlInfo. Such manipulation of the argument deviceName leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-55605. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in D-Link DIR-619L 2.06B01. Impacted is the function formLanguageChange. Performing manipulation of the argument nextPage results in buffer overflow. This vulnerability was named CVE-2025-55611. The attack may be initiated remotely. There is no available exploit.

A vulnerability has been found in Discourse up to 3.4.3/3.5.0.beta4/3.5.0.beta5-dev and classified as problematic. This vulnerability affects the function topic_title of the component Email Body Handler. The manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2025-48062. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

Submit #661275 / VDB-326122

The world's most-popular sports contest starts in June 2026 across 16 venues in three countries: Securing the event infrastructure from cyber threats will require massive collaboration.

Microsoft has released the final non-security preview update for Windows 10, version 22H2, which includes fixes for the out-of-box experience and SMBv1 protocol connectivity. [...]

Как секретный сговор Microsoft и израильской разведки обернулся глобальным скандалом со слежкой.

GitLab has disclosed multiple high-severity Denial-of-Service (DoS) vulnerabilities that could allow unauthenticated attackers to crash self-managed GitLab instances.  These flaws impact Community Edition (CE) and Enterprise Edition (EE) versions prior to 18.4.1, 18.3.3, and 18.2.7, and exploit both HTTP endpoints and GraphQL APIs.  Administrators must upgrade immediately to prevent service interruptions and potential data loss. […]

The post GitLab High-Severity Vulnerabilities Let Attackers Crash Instances appeared first on Cyber Security News.

本文提出了一种名为 IoT-PRIDS 的轻量级非机器学习框架，用于物联网网络的入侵检测。

A vulnerability was found in zhuimengshaonian wisdom-education up to 1.0.4 and classified as problematic. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. This vulnerability is referenced as CVE-2025-11080. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The Singapore police said Facebook is the top platform for online scams in the country

A critical, perfect 10.0 CVSS score vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution was actively exploited as a zero-day at least a week before the company released a patch. The vulnerability, tracked as CVE-2025-10035, is a command injection flaw that allows for unauthenticated remote code execution. Security firm watchTowr reported credible evidence of […]

The post Fortra GoAnywhere Vulnerability Exploited as 0-Day Before Patch appeared first on Cyber Security News.

The macOS threat landscape has witnessed a significant escalation with the discovery of a new variant of the XCSSET malware targeting app developers. First observed in late September 2025, this variant builds upon earlier versions by introducing enhanced stealth techniques, expanded exfiltration capabilities, and robust persistence mechanisms. Attackers continue to leverage infected Xcode projects—the cornerstone […]

The post New Variant of The XCSSET Malware Attacking macOS App Developers appeared first on Cyber Security News.