Aggregator

A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. This vulnerability is handled as CVE-2025-1646. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in 9001 copyparty up to 1.16.14. This vulnerability affects unknown code of the component Web UI. The manipulation leads to improper neutralization of script in attributes in a web page. This vulnerability was named CVE-2025-27145. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Photo Gallery, Sliders, Proofing Plugin up to 3.59.8 on WordPress. Affected is an unknown function of the component Image Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10545. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

In an era where open-source collaboration drives software innovation, a sophisticated cyber campaign dubbed GitVenom has emerged as a critical threat to developers.  Security researchers have uncovered over 200 malicious GitHub repositories designed to distribute information stealers and remote access trojans (RATs) by masquerading as legitimate projects.  These repositories, active for nearly two years, exploit […]

The post 200 Malicious GitHub Repos Attacking Developers to Deliver Malware appeared first on Cyber Security News.

A vulnerability was found in Oracle Identity Manager 12.2.1.4.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Installer. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-42003. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Banking Digital Experience up to 22.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component UI General. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-42003. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Financial Services Analytical Applications Infrastructure up to 8.1.2.2. It has been declared as critical. This vulnerability affects unknown code of the component Infrastructure. The manipulation leads to denial of service. This vulnerability was named CVE-2022-42003. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle Financial Services Behavior Detection Platform 8.0.8.1/8.1.1.1/8.1.2.3/8.1.2.4. It has been rated as critical. This issue affects some unknown processing of the component Application. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-42003. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Financial Services Enterprise Case Management 8.1.2.4/8.1.2.3/8.1.1.1/8.0.8.2. Affected by this issue is some unknown functionality of the component Application. The manipulation leads to denial of service. This vulnerability is handled as CVE-2022-42003. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Oracle Business Process Management Suite 12.2.1.4.0. This affects an unknown part of the component Installer. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-42003. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Oracle Coherence 12.2.1.4.0/14.1.1.0.0 and classified as critical. This issue affects some unknown processing of the component Core. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-42003. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Oracle Communications Cloud Native Core Service Communication Proxy 22.3.0. Affected by this vulnerability is an unknown functionality of the component Install/Upgrade. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-42003. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Communications Element Manager 9.0.0/9.0.1. It has been classified as critical. Affected is an unknown function of the component BEServer. The manipulation leads to denial of service. This vulnerability is traded as CVE-2022-42003. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Oracle Communications Policy Management 12.6.0.0.0. This affects an unknown part of the component Core. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-42003. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Oracle Communications Session Report Manager 9.0.0/9.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component BEServer. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-42003. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Oracle SD-WAN Edge 9.1.1.4.0. It has been classified as critical. This affects an unknown part of the component Internal tools. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2022-42003. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Oracle Commerce Guided Search 11.3.2 and classified as critical. This issue affects some unknown processing of the component Content Acquisition System/Workbench. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-42003. The attack may be initiated remotely. There is no exploit available.

Anthropic has started rolling out Claude 3.7 Sonnet, the company's most advanced model and the first hybrid reasoning model it has shipped. [...]

Hyperscalers have perpetuated the narrative that open-source solutions cannot compete at scale. This perception has influenced funding priorities, shaped policy discussions, and reinforced organizational reliance on Big Tech. With the launch of Hub 10, Nextcloud demonstrates that open source is a viable alternative for secure, enterprise-grade collaboration. What’s new in Nextcloud Hub 10 The new release improves integration, security, and performance, offering organizations a self-hosted alternative. Hub 10 introduces a range of improvements across the … More →

The post Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy appeared first on Help Net Security.

ReliaQuest claims 80% of ransomware attacks now focus solely on exfiltrating data as it is faster