Aggregator

A vulnerability classified as critical was found in Microsoft Windows up to Server 2022. This vulnerability affects unknown code of the component Geolocation Service. The manipulation leads to privilege escalation. This vulnerability was named CVE-2022-21878. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Dynamics 365 and classified as critical. This vulnerability affects unknown code. The manipulation leads to privilege escalation. This vulnerability was named CVE-2022-21891. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Киберпреступник требовал биткоины, а получил срок. Его Exit Scam — тюремные ворота.

35% of Gen Z said they never or rarely update passwords after a data breach affecting one of their accounts, according to Bitwarden. Only 10% reported always updating compromised passwords. 38% of Gen Z and 31% of Millennials only change a single character or simply recycle an existing password. 79% of Gen Z admit password reuse is risky, yet 59% recycle an existing password when updating accounts with companies that disclose data breaches. 55% of … More →

The post People know password reuse is risky but keep doing it anyway appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Rocco Calvi (@TecR0c) with TecSecurity' was reported to the affected vendor on: 2025-05-02, 90 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 81 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai' was reported to the affected vendor on: 2025-05-02, 90 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bobby Gould (@bobbygould5) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 76 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'ccc' was reported to the affected vendor on: 2025-05-02, 81 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 81 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Lays (@_L4ys) of TRAPA Security' was reported to the affected vendor on: 2025-05-02, 90 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai' was reported to the affected vendor on: 2025-05-02, 95 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Michael DePlante (@izobashi) of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 84 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-05-02, 39 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-05-02, 73 days ago. The vendor is given until 2025-08-30 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A vulnerability classified as critical was found in Webmin. Affected by this vulnerability is an unknown functionality. The manipulation leads to crlf injection. This vulnerability is known as CVE-2025-2774. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Sematell Sematell ReplyOne 7.4.3.0. Affected is an unknown function of the component ReplyDesk E-Mail Attachment Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-48906. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Sematell Sematell ReplyOne 7.4.3.0. It has been rated as critical. This issue affects some unknown processing of the component Application Server API. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2024-48907. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Sematell Sematell ReplyOne 7.4.3.0. It has been declared as critical. This vulnerability affects unknown code of the file /rest/sessions. The manipulation leads to permission issues. This vulnerability was named CVE-2024-48905. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in Sunnet eHRD CTMS up to 10.13. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-3707. It is possible to initiate the attack remotely. There is no exploit available.