Aggregator

A vulnerability marked as critical has been reported in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. This vulnerability is handled as CVE-2025-9780. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability labeled as critical has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. This vulnerability is known as CVE-2025-9779. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability identified as critical has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. This vulnerability is traded as CVE-2025-9778. An attack has to be approached locally. Furthermore, there is an exploit available.

Submit #640991 / VDB-322085

Submit #640990 / VDB-322084

Submit #640989 / VDB-322083

Submit #640988 / VDB-322082

Submit #640987 / VDB-322081

Submit #640969 / VDB-322080

Boards of directors are being told that cybersecurity is now central to business resilience and growth, and that they must engage more directly in the way their organizations manage risk. A new report from Google Cloud’s Office of the CISO lays out three areas where board oversight is becoming especially important: ransomware, cyber-enabled fraud, and the intersection of innovation and cybersecurity. Ransomware is shifting to identity and help desks The report describes how ransomware attacks … More →

The post Boards are being told to rethink their role in cybersecurity appeared first on Help Net Security.

セイコーソリューションズ株式会社が提供するSkyBridge BASIC MB-A130には、OSコマンドインジェクションの脆弱性が存在します。

A vulnerability, which was classified as critical, was found in deepakmisal24 Chemical Inventory Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory_form.php. Such manipulation of the argument chem_name leads to sql injection. This vulnerability is listed as CVE-2025-9758. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability marked as critical has been reported in HashiCorp go-getter up to 1.7.7. Affected by this vulnerability is an unknown functionality. Performing manipulation results in link following. This vulnerability is identified as CVE-2025-8959. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

There is constant pressure on security leaders to decide which controls deserve the most attention and budget. A new study offers evidence on which measures are most closely linked to lower breach risk and how organizations should think about deploying them. Marsh McLennan’s Cyber Risk Intelligence Center (CRIC) analyzed thousands of organizations’ responses to its Cyber Self-Assessment and compared them with claims data. The findings highlight which controls matter most for lowering breach likelihood. Incident … More →

The post Cybersecurity signals: Connecting controls and incident outcomes appeared first on Help Net Security.

A vulnerability categorized as problematic has been discovered in Sunnet eHRD CTMS. This impacts an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability appears as CVE-2025-9569. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Sunnet eHRD CTMS. It has been rated as problematic. This affects an unknown function. Performing manipulation results in relative path traversal. This vulnerability is reported as CVE-2025-9570. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Sunnet eHRD CTMS. It has been declared as problematic. The impacted element is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-9568. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in Sunnet eHRD CTMS. It has been classified as problematic. The affected element is an unknown function. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2025-9567. Remote exploitation of the attack is possible. No exploit is available.

The Netherlands has officially disclosed a cyber-espionage campaign linked to China that has impacted critical sectors across the

The post Netherlands Confirms Chinese Cyber-Espionage Campaign appeared first on Penetration Testing Tools.