Aggregator

A vulnerability was found in himmelblau up to 0.9.16 and classified as critical. The impacted element is the function acquire_token_by_hello_for_business_key of the file /etc/himmelblau/himmelblau.conf. Such manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-53013. The attack may be carried out on the physical device. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Siemens SICAM TOOLBOX II 07.10. It has been classified as critical. This impacts an unknown function of the component HTTPS Connection Handler. This manipulation causes improper certificate validation. This vulnerability appears as CVE-2024-31853. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Siemens SICAM TOOLBOX II 07.10/07.11. It has been declared as critical. Affected is an unknown function of the component HTTPS Connection Handler. Such manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2024-31854. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM InfoSphere Data Replication VSAM for z and OS Remote Source 11.4 on z/OS. It has been declared as critical. The impacted element is an unknown function of the component Log Reading Service. Such manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2024-56468. The attack may be performed from a remote location. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in IBM Engineering Requirements Management DOORS 9.7.2.9. This impacts an unknown function. This manipulation causes weak password recovery. This vulnerability is handled as CVE-2024-43190. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6 and classified as critical. Impacted is the function config_3g_para of the file /appy.cgi. Such manipulation of the argument username_3g/password_3g leads to buffer overflow. This vulnerability is referenced as CVE-2025-7077. It is possible to launch the attack remotely. Furthermore, an exploit is available. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

【君哥内推】旨在帮助甲方信息安全部门发布招聘需求，推送频率不定。欢迎甲方朋友们将招聘需求发给我，我愿意出力，

最近开始学习复现Tenda的漏洞，发现很多洞都是一系列的栈溢出漏洞，这些洞的固态仿真都是一样的，函数调用流程是不一样的，但对于pwn手来说，个人感觉最难的还是固态仿真和调试，这些都一样的话，函数流程逐个分析都可以拿下

WPBookit 是用于 WordPress 的插件，功能包括在线预订和预约管理。该插件中存在缺陷，在 image_upload_handle() 函数缺少文件类型验证，使得在所有版本至 1.0.4 包括 1.0.4 的版本中，攻击者可以通过添加新的预订类型的路由（add_booking_type）上传任意文件。这种情况下，攻击者能够在受影响网站的服务器上上传任意文件，并可能进行远程代码执行。

2025L3HCTF-tellmewhy详解以及多种入口

The goal of the Quantum-Safe Program is to ensure that by 2033 all Microsoft products and services are safe by default against quantum-based attacks.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

The UK has imposed new sanctions on Kyrgyz financial institutions and crypto networks accused of helping Russia evade restrictions. The UK imposed sanctions on Kyrgyz financial institutions and crypto networks accused of aiding Russian sanctions evasion, war funding, and ransomware activities. The U.K. imposed new sanctions on Kyrgyzstan’s Capital Bank and director Kantemir Chalbayev, accused […]

Threat Attack Daily - 20th of August 2025

Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. [...]

Ransomware Attack Update for the 20th of August 2025

The dangers are particularly severe when they secure IT positions with privileged access and administrative permissions.

The vulnerabilities themselves aren't new, but are being exploited in a novel manner that could lead to a "devastating attack."