Aggregator

CVE-2024-7595 | GRE Protocol/GRE6 Protocol improper authentication (Nessus ID 242166)

Vuldb Updates
9 months 1 week ago
A vulnerability was found in GRE Protocol and GRE6 Protocol. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication. This vulnerability is known as CVE-2024-7595. The attack can be launched remotely. There is no exploit available. Due to its background and reception, this vulnerability has an historic impact.
vuldb.com

CVE-2024-47174 | NixOS nix up to 2.18.7/2.24.7 HTTPS Connection certificate validation (GHSA-6fjr-mq49-mm2c / Nessus ID 242201)

Vuldb Updates
9 months 1 week ago
A vulnerability was found in NixOS nix up to 2.18.7/2.24.7 and classified as critical. This issue affects some unknown processing of the component HTTPS Connection Handler. The manipulation leads to improper certificate validation. The identification of this vulnerability is CVE-2024-47174. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-45593 | NixOS nix up to 2.24.5 NAR path traversal (GHSA-h4vv-h3jq-v493 / Nessus ID 242201)

Vuldb Updates
9 months 1 week ago
A vulnerability was found in NixOS nix up to 2.24.5 and classified as critical. Affected by this issue is some unknown functionality of the component NAR Handler. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-45593. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-27297 | NixOS nix up to 2.3.17/2.18.1/2.19.3/2.20.4 on Linux Unix Domain Socket toctou (GHSA-2ffj-w4mj-pg37 / Nessus ID 242201)

Vuldb Updates
9 months 1 week ago
A vulnerability was found in NixOS nix up to 2.3.17/2.18.1/2.19.3/2.20.4 on Linux. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Unix Domain Socket Handler. The manipulation leads to time-of-check time-of-use. This vulnerability is known as CVE-2024-27297. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-38531 | NixOS nix up to 2.23.0 insecure preserved inherited permissions (Nessus ID 242201)

Vuldb Updates
9 months 1 week ago
A vulnerability was found in NixOS nix up to 2.23.0 and classified as problematic. This issue affects some unknown processing. The manipulation leads to insecure preserved inherited permissions. The identification of this vulnerability is CVE-2024-38531. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Veranderende wereldorde bevestigt belang van een weerbaar Nederland

AIVD - Nieuwsberichter
9 months 1 week ago
De machtsbalans in de wereld is aan het veranderen, waardoor Nederland steeds meer geconfronteerd wordt met onzekerheid en onvoorspelbaarheid op het internationale toneel. Landen zijn meer en meer bereid om macht te gebruiken om hun eigen belangen te verdedigen. Europa is voor zijn veiligheid en weerbaarheid meer op zichzelf aangewezen. Dit allemaal zijn conclusies uit het Dreigingsbeeld Statelijke Actoren (DBSA) 2025.

PyPI Blocks Inbox.ru Domains After 1,500+ Fake Package Uploads

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

The Python Package Index (PyPI) has implemented an administrative block on the inbox.ru email domain, prohibiting its use for new user registrations and as additional verification addresses. This action stems from a recent campaign that exploited the domain to create over 250 fraudulent accounts, which in turn uploaded more than 1,500 empty projects. These bogus […]

The post PyPI Blocks Inbox.ru Domains After 1,500+ Fake Package Uploads appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Critical SharePoint RCE Vulnerability Exploited via Malicious XML in Web Part

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

A severe remote code execution (RCE) vulnerability has been discovered in Microsoft SharePoint that allows attackers to execute arbitrary code through malicious XML content embedded within web parts. According to the recent report, the vulnerability, which affects the deserialization process of webpart properties, represents a significant security risk for organizations running vulnerable SharePoint installations. Technical […]

The post Critical SharePoint RCE Vulnerability Exploited via Malicious XML in Web Part appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Hackers Actively Exploited CitrixBleed 2 Flaw Ahead of PoC Disclosure

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

Cybersecurity researchers have discovered that threat actors began exploiting the critical CitrixBleed 2 vulnerability nearly two weeks before a public proof-of-concept was released, highlighting the sophisticated nature of modern attack campaigns. The vulnerability, tracked as CVE-2025-5777, represents a significant security risk for organizations running Citrix NetScaler appliances. Early Exploitation Timeline GreyNoise security researchers observed the […]

The post Hackers Actively Exploited CitrixBleed 2 Flaw Ahead of PoC Disclosure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Cisco Unified Intelligence Center Flaw Lets Remote Attackers Upload Arbitrary Files

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months 1 week ago

A critical security vulnerability has been discovered in Cisco’s Unified Intelligence Center that allows authenticated remote attackers to upload arbitrary files to affected systems, potentially enabling complete system compromise. The flaw, tracked as CVE-2025-20274, carries a CVSS score of 6.3 and has been assigned a High security impact rating by Cisco due to the potential […]

The post Cisco Unified Intelligence Center Flaw Lets Remote Attackers Upload Arbitrary Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CVE-2025-4302 | Stop User Enumeration Plugin up to 1.7.2 on WordPress REST API /wp-json/wp/v2/users/ information exposure

VulDB Recent Entries
9 months 1 week ago
A vulnerability was found in Stop User Enumeration Plugin up to 1.7.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /wp-json/wp/v2/users/ of the component REST API. The manipulation leads to information exposure through discrepancy. This vulnerability is known as CVE-2025-4302. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad