Aggregator

CVE-2025-10252 | SEAT Queue Ticket Kiosk up to 20250827 Java RMI Registry deserialization

VulDB Recent Entries
9 months 1 week ago
A vulnerability, which was classified as problematic, has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. This vulnerability is handled as CVE-2025-10252. The attack can only be done within the local network. Additionally, an exploit exists. It is advisable to implement restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

How attackers weaponize communications networks

Help Net Security
9 months 1 week ago

In this Help Net Security interview, Gregory Richardson, Vice President, Advisory CISO Worldwide, at BlackBerry, talks about the growing risks to communications networks. He explains why attackers focus on these networks and how their motivations range from corporate espionage to geopolitical influence. The discussion also covers practical ways to secure networks and maintain reliable communication. Which types of communications networks are most attractive to attackers, and what are the primary motivations driving these attacks, such … More →

The post How attackers weaponize communications networks appeared first on Help Net Security.

Mirko Zorz

CVE-2025-10251 | FoxCMS up to 1.24 Images.php batchCope ids sql injection

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as critical was found in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in sql injection. This vulnerability is known as CVE-2025-10251. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-9910 | jsondiffpatch up to 0.7.1 HtmlFormatter::nodeBegin cross site scripting (SNYK-JS-JSONDIFFPATCH-10369031)

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as problematic has been found in jsondiffpatch up to 0.7.1. Affected by this vulnerability is the function HtmlFormatter::nodeBegin. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-9910. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-10250 | DJI Mavic Spark/Mavic Air/Mavic Mini 01.00.0500 Telemetry Channel hard-coded key

VulDB Recent Entries
9 months 1 week ago
A vulnerability described as critical has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key . This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2025-10250. The attacker needs to be present on the local network. In addition, an exploit is available.
vuldb.com

CVE-2025-9086 | cURL up to 8.15.0 Cookie Path out-of-bounds (f24dc09d209a2f91ca38d)

VulDB Recent Entries
9 months 1 week ago
A vulnerability marked as critical has been reported in cURL up to 8.15.0. This impacts an unknown function of the component Cookie Path Handler. Performing manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2025-9086. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

Dell PowerProtect Data Manager Flaw Allows System Compromise by Attackers

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

Dell has released a critical security update for its PowerProtect Data Manager (PPDM) platform, addressing multiple vulnerabilities that could allow attackers to compromise systems and execute arbitrary commands. The security advisory DSA-2025-326 reveals several high-severity flaws affecting versions 19.19 and 19.20 of the enterprise data protection solution. Critical Command Injection Vulnerabilities Discovered The most severe […]

The post Dell PowerProtect Data Manager Flaw Allows System Compromise by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Managed ad