Aggregator

A vulnerability was found in Microsoft Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Telephony Service. The manipulation leads to integer overflow. This vulnerability is known as CVE-2025-21243. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been rated as critical. Affected by this issue is some unknown functionality of the component Telephony Service. The manipulation leads to integer overflow. This vulnerability is handled as CVE-2025-21244. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Microsoft Windows. This affects an unknown part of the component Telephony Service. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-21245. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Microsoft Windows. This vulnerability affects unknown code of the component Telephony Service. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-21246. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Microsoft Windows. This issue affects some unknown processing of the component Telephony Service. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-21248. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component Telephony Service. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-21250. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Wikimedia Foundation строит цифровой бункер для хранителей знаний.

A critical vulnerability in SonicWall firewalls, identified as CVE-2024-53704, has been actively exploited by attackers to hijack SSL VPN sessions. This vulnerability affects SonicOS versions 7.1.x (7.1.1-7058 and older), 7.1.2-7019, and 8.0.0-8035. The exploit allows a remote attacker to bypass authentication and take control of active SSL VPN client sessions without any credentials. BishopFox experts […]

The post Unpatched SonicWall Firewalls Vulnerability Actively Exploited To Hijack SSL VPN Sessions appeared first on Cyber Security News.

A vulnerability was found in Microsoft Windows. It has been classified as critical. Affected is an unknown function of the component Telephony Service. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-21266. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MapUrlToZone. The manipulation leads to improper resolution of path equivalence. This vulnerability is known as CVE-2025-21268. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been classified as critical. This affects an unknown part of the component Telephony Service. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-21252. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows. It has been rated as problematic. Affected by this issue is some unknown functionality of the component HTML Platforms. The manipulation leads to improper resolution of path equivalence. This vulnerability is handled as CVE-2025-21269. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Windows. Affected is an unknown function of the component Telephony Service. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-21273. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component Telephony Service. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2025-21282. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Неужели переговоры по сделке года закончатся, так и не начавшись?

#File Scanner SSRF #Voting System RCE #Win注册表 #AlwaysInstallElevated #.MSI权限提升

#Spring Boot API #Cozy Cloud RCE #PostgreSQL #SSH权限提升

#HTB Printer #Server Operators sc.exe VSS权限提升

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-24200 Apple iOS and iPadOS Incorrect Authorization Vulnerability
• CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.