Aggregator

A vulnerability was found in osquery up to 3.2.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Code Signing Handler. The manipulation leads to 7pk security features. This vulnerability is known as CVE-2018-6336. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle Outside In Technology 8.5.4/8.5.5. It has been classified as critical. This affects an unknown part of the component Installation. The manipulation leads to missing release of resource. This vulnerability is uniquely identified as CVE-2018-20622. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A top Republican said lawmakers needed more information about the proposed reductions, while Democrats were more searing in their criticisms.

The post House appropriators have reservations — or worse — about proposed CISA cuts appeared first on CyberScoop.

Alleged Sale of Confidential Pakistan Defense Production Data, Including Strategic Plans with China and Turkey

Discover how fintechs are using AI-driven protection to stop payment fraud and stay ahead of evolving cyber threats.

The post The Rise of AI-Powered Bots in Payment Fraud & How FinTechs Can Protect Themselves appeared first on Security Boulevard.

Currently trending CVE - Hype Score: 3

Currently trending CVE - Hype Score: 1 - The Verification SMS with TargetSMS plugin for WordPress is vulnerable to limited Remote Code Execution in all versions up to, and including, 1.5 via the 'targetvr_ajax_handler' function. This is due to a lack of validation on the type of function that can be called. This makes ...

A vulnerability has been found in Apache ActiveMQ up to 5.16.7/5.17.6/5.18.6/6.1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component OpenWire Command Handler. The manipulation leads to uncontrolled memory allocation. This vulnerability is known as CVE-2025-27533. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Login Lockdown & Protection Plugin up to 2.11 on WordPress. Affected is the function ajax_run_tool. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-3766. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in MrDoc up to 0.95. This issue affects the function validate_url of the file app_doc/utils.py. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2025-45250. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Tenda RX3 16.03.13.11. This vulnerability affects the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. This vulnerability was named CVE-2025-44900. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Netgear EX8000 1.0.0.126. This affects the function action_wireless. The manipulation of the argument Iface leads to command injection. This vulnerability is uniquely identified as CVE-2025-45492. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Liferay Portal and DXP. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/apps/marketplace/marketplace-app-manager-web. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-4388. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Elastic Kibana up to 8.17.5/8.18.0/9.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Machine Learning/Reporting. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is known as CVE-2025-25014. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linksys E5600 1.1.0.26. It has been classified as critical. Affected is the function runtime.ddnsStatus. The manipulation of the argument Username leads to command injection. This vulnerability is traded as CVE-2025-45491. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Linksys E5600 1.1.0.26 and classified as critical. This issue affects the function runtime.ddnsStatus. The manipulation of the argument Password leads to command injection. The identification of this vulnerability is CVE-2025-45490. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Linksys E5600 1.1.0.26 and classified as critical. This vulnerability affects the function runtime.ddnsStatus. The manipulation of the argument Hostname leads to command injection. This vulnerability was named CVE-2025-45489. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Linksys E5600 1.1.0.26. This affects the function runtime.ddnsStatus. The manipulation of the argument mailex leads to command injection. This vulnerability is uniquely identified as CVE-2025-45488. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Linksys E5600 1.1.0.26. Affected by this issue is the function runtime.InternetConnection. The manipulation leads to command injection. This vulnerability is handled as CVE-2025-45487. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Dell Storage Center and Storage Manager up to 2020 R1.20. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-23379. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.