Aggregator

A vulnerability was found in Cisco Application Policy Infrastructure Controller and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to race condition. This vulnerability is handled as CVE-2025-20119. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Cisco Application Policy Infrastructure Controller and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-20116. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Cisco Application Policy Infrastructure Controller. Affected is an unknown function of the component CLI. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-20117. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Cisco NX-OS Software. This issue affects some unknown processing of the component Software Image Handler. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2025-20161. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Cisco NX-OS Software. This vulnerability affects unknown code of the component Ethernet Frame Handler. The manipulation leads to insufficient granularity of access control. This vulnerability was named CVE-2025-20111. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in pyload up to 0.5.0b3.dev78. It has been declared as problematic. This vulnerability affects unknown code of the component Login. The manipulation of the argument next leads to open redirect. This vulnerability was named CVE-2024-1240. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in usememos memos up to 0.9.x. Affected is an unknown function of the component HTML File Handler. The manipulation leads to HTML injection. This vulnerability is traded as CVE-2023-0109. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in OpenEMR up to 7.0.2.0. Affected by this vulnerability is an unknown functionality of the component Secure Messaging. The manipulation of the argument inputBody leads to cross site scripting. This vulnerability is known as CVE-2024-0875. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in craigk5n webcalendar up to 1.3.0. Affected by this issue is some unknown functionality. The manipulation of the argument Report Name leads to cross site scripting. This vulnerability is handled as CVE-2024-1097. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in wallabag 2.5.2/2.5.3. This affects an unknown part of the file /account/delete. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2023-0737. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Feeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

Что делает новые составы CR450  такими уникальными.

The post Enterprise Privacy Management with Feroot AlphaPrivacy AI: Implementation Guide appeared first on Feroot Security.

The post Enterprise Privacy Management with Feroot AlphaPrivacy AI: Implementation Guide appeared first on Security Boulevard.

Employment screening company DISA says data of 3.3 million people was exposed in a data breach lasts year, prompting AppOmni CSO Cory Michal to say that data collection companies like DISA and National Public Data need more oversight, regulations, and penalties.

The post DISA Breach Highlights Need for Stronger Oversight: AppOmni CSO appeared first on Security Boulevard.

A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale. Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites,

Discover all of the exciting events you can find us at this March and April!

The post Spring 2025 Events Spotlight appeared first on Security Boulevard.

EAGLE7 Defaced the Website of Bangladesh Madrasah Education Board

99% of organizations report API-related security issues, highlighting risks from API growth

A malicious PyPi package named 'automslc'  has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service. [...]

Prioritizing vulnerabilities isn’t enough – validation ensures continuous coverage against emerging threats and allows SecOps teams to prioritize remediation to what’s really exploitable.