Aggregator

CVE-2023-50301 | IBM Transformation Extender Advanced 10.0.1 log file

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in IBM Transformation Extender Advanced 10.0.1. It has been declared as problematic. This impacts an unknown function. Such manipulation leads to sensitive information in log files. This vulnerability is traded as CVE-2023-50301. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-20370 | Splunk Enterprise/Enterprise Cloud change_authentication resource consumption (SVD-2025-1005)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in Splunk Enterprise and Enterprise Cloud. It has been classified as problematic. This affects the function change_authentication. This manipulation causes resource consumption. This vulnerability appears as CVE-2025-20370. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-20368 | Splunk Enterprise/Cloud Platform Error Message cross site scripting (SVD-2025-1003)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in Splunk Enterprise and Cloud Platform and classified as problematic. The impacted element is an unknown function of the component Error Message Handler. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-20368. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-20367 | Splunk Enterprise/Cloud Platform dataset.command cross site scripting (SVD-2025-1002)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability has been found in Splunk Enterprise and Cloud Platform and classified as problematic. The affected element is an unknown function. The manipulation of the argument dataset.command leads to cross site scripting. This vulnerability is documented as CVE-2025-20367. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-20366 | Splunk Enterprise/Cloud Platform Search Result access control (SVD-2025-1001)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Splunk Enterprise and Cloud Platform. Impacted is an unknown function of the component Search Result Handler. Executing manipulation can lead to improper access controls. This vulnerability is registered as CVE-2025-20366. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2025-56515 | Fiora Chat Application up to 1.0.0 SVG File Parser cross site scripting

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability, which was classified as problematic, has been found in Fiora Chat Application up to 1.0.0. This issue affects some unknown processing of the component SVG File Parser. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-56515. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-52041 | Frappe ERPNext 15.57.5 stock_reconciliation.py get_stock_balance_for inventory_dimensions_dict sql injection

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability classified as critical was found in Frappe ERPNext 15.57.5. This vulnerability affects the function get_stock_balance_for of the file erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py. Such manipulation of the argument inventory_dimensions_dict leads to sql injection. This vulnerability is listed as CVE-2025-52041. The attack may be performed from remote. There is no available exploit. Applying a patch is advised to resolve this issue.
vuldb.com

CVE-2025-52039 | Frappe ERPNext 15.57.5 material_request.py get_material_requests_based_on_supplier txt sql injection

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability classified as critical has been found in Frappe ERPNext 15.57.5. This affects the function get_material_requests_based_on_supplier of the file erpnext/stock/doctype/material_request/material_request.py. This manipulation of the argument txt causes sql injection. This vulnerability is tracked as CVE-2025-52039. The attack is possible to be carried out remotely. No exploit exists. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-52040 | Frappe ERPNext 15.57.5 queries.py get_blanket_orders blanket_order_type sql injection

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability described as critical has been identified in Frappe ERPNext 15.57.5. Affected by this issue is the function get_blanket_orders of the file erpnext/controllers/queries.py. The manipulation of the argument blanket_order_type results in sql injection. This vulnerability is identified as CVE-2025-52040. The attack can be executed remotely. There is not any exploit available. It is best practice to apply a patch to resolve this issue.
vuldb.com

CVE-2025-52042 | Frappe ERPNext 15.57.5 request_for_quotation.py get_rfq_containing_supplier txt sql injection

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability marked as critical has been reported in Frappe ERPNext 15.57.5. Affected by this vulnerability is the function get_rfq_containing_supplier of the file erpnext/buying/doctype/request_for_quotation/request_for_quotation.py. The manipulation of the argument txt leads to sql injection. This vulnerability is referenced as CVE-2025-52042. Remote exploitation of the attack is possible. No exploit is available. Applying a patch is the recommended action to fix this issue.
vuldb.com

CVE-2025-20357 | Cisco Cyber Vision up to 5.2.1 Reports Page cross site scripting (cisco-sa-cv-xss-rwRAKAJ9)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability labeled as problematic has been found in Cisco Cyber Vision up to 5.2.1. Affected is an unknown function of the component Reports Page. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-20357. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2025-20356 | Cisco Cyber Vision up to 5.2.1 Web-based Management Interface cross site scripting (cisco-sa-cv-xss-rwRAKAJ9)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability identified as problematic has been detected in Cisco Cyber Vision. This impacts an unknown function of the component Web-based Management Interface. Performing manipulation results in cross site scripting. This vulnerability was named CVE-2025-20356. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2025-20361 | Cisco Unified Communications Manager up to 15SU2 Web-based Management Interface cross site scripting (cisco-sa-cucm-stored-xss-Fnj66YLy)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability categorized as problematic has been discovered in Cisco Unified Communications Manager. This affects an unknown function of the component Web-based Management Interface. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-20361. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.
vuldb.com

Microsoft Previews Graph Framework to Better Integrate Cybersecurity Tools

Security Boulevard
8 months 3 weeks ago

Microsoft this week began previewing an instance of a graph that is specifically designed to facilitate integration of disparate cybersecurity tools and platforms. Based on a data lake that is now generally available and an instance of a Model Context Protocol (MCP) server, the Microsoft Sentinel graph promises to make it simpler for cybersecurity teams..

The post Microsoft Previews Graph Framework to Better Integrate Cybersecurity Tools appeared first on Security Boulevard.

Michael Vizard

New Google Drive Desktop Feature adds AI-powered Ransomware Detection to Prevent Cyberattacks

Cyber Security News
8 months 3 weeks ago

Google has introduced a new AI-powered ransomware detection feature for Google Drive for desktop, designed to block cyberattacks and protect user files automatically. This enhancement adds a significant layer of security for users of Windows and macOS, addressing the persistent and costly threat of ransomware. Ransomware continues to be a major cybersecurity challenge for organizations […]

The post New Google Drive Desktop Feature adds AI-powered Ransomware Detection to Prevent Cyberattacks appeared first on Cyber Security News.

Guru Baran

Managed ad