Aggregator

A vulnerability, which was classified as very critical, has been found in PlexTrac up to 2.8.0. This affects an unknown function of the component API Endpoint. Performing manipulation results in file inclusion. This vulnerability is cataloged as CVE-2024-11838. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in PlexTrac up to 2.8.0. This impacts an unknown function. Executing manipulation can lead to resource consumption. This vulnerability is registered as CVE-2024-11835. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability was found in PlexTrac up to 2.8.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation results in server-side request forgery. This vulnerability is reported as CVE-2024-11836. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in Mattermost up to 9.7.5/9.8.2/9.9.2. This vulnerability affects unknown code of the component Scheme Update Handler. Executing manipulation can lead to incorrect authorization. This vulnerability is handled as CVE-2024-12247. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Mattermost up to 9.5.11/9.11.3/10.0.1/10.1.1. Affected by this vulnerability is an unknown functionality of the component Email Address Handler. Such manipulation leads to improper check for unusual conditions. This vulnerability is uniquely identified as CVE-2024-11599. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

OpenSSL updates addressed 3 flaws enabling key recovery, code execution, and DoS attacks. Users are urged to update asap. The OpenSSL Project has released security updates to address three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232, in its open-source SSL/TLS toolkit. OpenSSL is an open-source library that provides encryption, decryption, hashing, and digital certificate management. […]

IOC Alert: Lumma Stealer API Endpoint Identified

Ukrainian security agencies have issued an urgent warning regarding a sophisticated malware campaign targeting government and critical infrastructure sectors through weaponized XLL files distributed via compressed archives. The malicious campaign leverages Microsoft Excel add-in files containing the CABINETRAT backdoor, representing a significant evolution in targeted cyber operations against Ukrainian entities. The attack methodology involves distributing […]

The post Ukraine Warns of Weaponized XLL Files Delivers CABINETRAT Malware Via Zip Files appeared first on Cyber Security News.

Adobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day. [...]

Cybersecurity researchers have uncovered a sophisticated Android malware campaign targeting seniors through fraudulent travel and social activity promotions on Facebook. The newly identified Datzbro malware represents a dangerous evolution in mobile threats, combining advanced spyware capabilities with remote access tools designed to facilitate financial fraud. This campaign, first detected in August 2025, has expanded beyond […]

The post Threat Actors Leveraging Senior Travel Scams to Deliver Datzbro Malware appeared first on Cyber Security News.

A vulnerability, which was classified as critical, has been found in Novell GroupWise up to 8.0. Impacted is an unknown function of the component GroupWise Internet Agent. The manipulation leads to memory corruption. This vulnerability is documented as CVE-2009-0410. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability has been found in Oracle Database 11g 11.1.0.7 and classified as problematic. This vulnerability affects the function ncrfintn of the component Listener. This manipulation causes denial of service. This vulnerability appears as CVE-2009-0991. The attack may be initiated remotely. In addition, an exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Shinji-chiba SCMPX 1.5.1. The impacted element is an unknown function. Executing manipulation can lead to memory corruption. This vulnerability is handled as CVE-2009-2403. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, was found in Novell eDirectory 8.8. This affects an unknown function of the component iMonitor. The manipulation results in numeric error. This vulnerability is reported as CVE-2009-0192. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability has been found in Novell eDirectory 8.8 and classified as critical. Affected is an unknown function. This manipulation causes memory corruption. This vulnerability is registered as CVE-2009-4654. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Учёные впервые воспроизвели загадочные нити газа вокруг скоплений.

A sophisticated malicious package has infiltrated the Python Package Index (PyPI), masquerading as a legitimate SOCKS5 proxy tool while harboring backdoor capabilities that target Windows systems. The SoopSocks package, tracked as XRAY-725599, presents itself as a benign networking utility that creates SOCKS5 proxy services and reports server information to configurable Discord webhooks. However, beneath this […]

The post Malicious PyPI Package Mimics as SOCKS5 Proxy Tool Attacking Windows Platforms appeared first on Cyber Security News.

A vulnerability labeled as critical has been found in MongoDB Server up to 5.0.29/6.0.18/7.0.14/8.0.3. This issue affects some unknown processing of the component BSON Requests Handler. The manipulation results in improper neutralization of null byte or nul character. This vulnerability is cataloged as CVE-2024-10921. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Elastic Kibana up to 8.15.0. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to deserialization. This vulnerability is referenced as CVE-2024-37285. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in Nextcloud Server up to 28.0.11/29.0.8/30.0.1. It has been classified as problematic. The affected element is an unknown function. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-52523. It is possible to launch the attack on the physical device. No exploit exists. Upgrading the affected component is recommended.