Aggregator

CVE-2025-9910 | jsondiffpatch up to 0.7.1 HtmlFormatter::nodeBegin cross site scripting (SNYK-JS-JSONDIFFPATCH-10369031)

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as problematic has been found in jsondiffpatch up to 0.7.1. Affected by this vulnerability is the function HtmlFormatter::nodeBegin. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-9910. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-10250 | DJI Mavic Spark/Mavic Air/Mavic Mini 01.00.0500 Telemetry Channel hard-coded key

VulDB Recent Entries
9 months 1 week ago
A vulnerability described as critical has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key . This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2025-10250. The attacker needs to be present on the local network. In addition, an exploit is available.
vuldb.com

CVE-2025-9086 | cURL up to 8.15.0 Cookie Path out-of-bounds (f24dc09d209a2f91ca38d)

VulDB Recent Entries
9 months 1 week ago
A vulnerability marked as critical has been reported in cURL up to 8.15.0. This impacts an unknown function of the component Cookie Path Handler. Performing manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2025-9086. The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

Dell PowerProtect Data Manager Flaw Allows System Compromise by Attackers

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

Dell has released a critical security update for its PowerProtect Data Manager (PPDM) platform, addressing multiple vulnerabilities that could allow attackers to compromise systems and execute arbitrary commands. The security advisory DSA-2025-326 reveals several high-severity flaws affecting versions 19.19 and 19.20 of the enterprise data protection solution. Critical Command Injection Vulnerabilities Discovered The most severe […]

The post Dell PowerProtect Data Manager Flaw Allows System Compromise by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2025-10148 | cURL up to 8.15.0 WebSocket Mask generation of predictable numbers or identifiers (d78e129d50b2d1)

VulDB Recent Entries
9 months 1 week ago
A vulnerability labeled as problematic has been found in cURL up to 8.15.0. This affects an unknown function of the component WebSocket Mask. Such manipulation leads to generation of predictable numbers or identifiers. This vulnerability is documented as CVE-2025-10148. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

Managed ad