Aggregator

A vulnerability, which was classified as critical, was found in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. This vulnerability is registered as CVE-2025-10232. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Новый телефон HMD Global сделает госслужащих чуть неуязвимее.

A vulnerability, which was classified as problematic, has been found in AxxonSoft AxxonOne up to 2.0.8 on Windows/Linux. Affected by this vulnerability is an unknown functionality of the component Object Archive. Performing manipulation results in missing encryption of sensitive data. This vulnerability is cataloged as CVE-2025-10227. The attack may be carried out on the physical device. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in AxxonSoft AxxonOne up to 2.0.1 on Windows. Affected is an unknown function. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2025-10222. The attack must be carried out locally. There is no available exploit.

The system, a five-year effort to address memory safety “at scale,” is the result of spyware developers making zero-click exploits that targeted a device’s memory.

The post Apple’s new Memory Integrity Enforcement system deals a huge blow to spyware developers appeared first on CyberScoop.

A vulnerability classified as problematic has been found in AxxonSoft AxxonNet up to 2.0.4 on Windows. This impacts an unknown function of the component ARP Agent. This manipulation causes sensitive information in log files. This vulnerability is tracked as CVE-2025-10221. The attack is restricted to local execution. No exploit exists.

A vulnerability described as critical has been identified in AxxonSoft AxxonOne up to 2.0.2 on Windows. This affects an unknown function of the component Web Admin Panel. The manipulation results in session expiration. This vulnerability is identified as CVE-2025-10223. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

Submit #641567 / VDB-323501

A vulnerability marked as critical has been reported in AxxonSoft AxxonOne up to 2.0.2 on Windows. The impacted element is an unknown function of the component LDAP Group Membership Handler. The manipulation leads to improper authentication. This vulnerability is referenced as CVE-2025-10224. Remote exploitation of the attack is possible. No exploit is available.

CyberVolk ransomware, which first emerged in May 2024, has escalated its operations against government agencies, critical infrastructure, and scientific institutions across Japan, France, and the United Kingdom. Operating with pro-Russian leanings, CyberVolk specifically targets states perceived as hostile to Russian interests, leveraging sophisticated encryption techniques that render decryption impossible. This article delivers a technical analysis […]

The post CyberVolk Ransomware Targets Windows Systems in Critical Infrastructure and Research Institutions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability labeled as critical has been found in AxxonSoft AxxonOne up to 2.0.4 on Windows. The affected element is an unknown function of the component Google.Protobuf/DynamicData/System.Runtime.CompilerServices. Executing manipulation can lead to use of unmaintained third party components. The identification of this vulnerability is CVE-2025-10220. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as critical has been detected in AxxonSoft AxxonOne up to 2.0.8 on Windows/Linux. Impacted is an unknown function of the component PostgreSQL Backend. Performing manipulation results in dependency on vulnerable third-party component. This vulnerability was named CVE-2025-10226. The attack may be initiated remotely. There is no available exploit.

A vulnerability categorized as critical has been discovered in AxxonSoft AxxonOne up to 2.0.6 on Windows. This issue affects some unknown processing. Such manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2025-10225. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Blackboard 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file login.pl/ProcessInfo.cgi/index.cgi. Such manipulation of the argument course_id/CTID/Message leads to basic cross site scripting. This vulnerability is referenced as CVE-2002-1007. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as problematic, has been found in Newtonsoft.Json up to 13.0.0. This impacts the function JsonConvert.DeserializeObject. Performing manipulation results in handling of exceptional conditions. This vulnerability is identified as CVE-2024-21907. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Working Resources Inc. BadBlue 1.7.3 Enterprise/1.7.3 Personal. It has been rated as critical. This issue affects some unknown processing of the file ext.ini. The manipulation leads to information disclosure (Password). This vulnerability is referenced as CVE-2002-1022. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability, which was classified as critical, was found in Microsoft Windows. Impacted is an unknown function of the component Ancillary Function Driver for WinSock. The manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2025-54099. The attack requires a local approach. No exploit exists. It is best practice to apply a patch to resolve this issue.

A vulnerability has been found in Microsoft Windows and classified as problematic. The affected element is an unknown function of the component SMB Client. This manipulation causes use after free. This vulnerability appears as CVE-2025-54101. The attack may be initiated remotely. There is no available exploit. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Microsoft Excel. Affected is an unknown function. Performing manipulation results in use after free. This vulnerability is cataloged as CVE-2025-54904. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to install a patch to address this issue.

A vulnerability was found in Working Resources Inc. BadBlue 1.7.3 Enterprise/1.7.3 Personal. It has been declared as critical. This vulnerability affects unknown code of the file EXT.INI of the component HTTP Request Handler. Executing manipulation can lead to information disclosure (File). The identification of this vulnerability is CVE-2002-1021. The attack may be launched remotely. Furthermore, there is an exploit available.