Aggregator

CVE-2022-26917 | Microsoft Windows up to Server 2022 Fax Compose Form Remote Code Execution (EUVD-2022-31463)

Vuldb Updates
9 months ago
A vulnerability was found in Microsoft Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Fax Compose Form. The manipulation leads to Remote Code Execution. This vulnerability is known as CVE-2022-26917. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-35768 | Microsoft Windows up to Server 2022 Kernel privilege escalation (EUVD-2022-38641)

Vuldb Updates
9 months ago
A vulnerability, which was classified as critical, has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component Kernel. The manipulation leads to privilege escalation. This vulnerability is handled as CVE-2022-35768. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2024-21548 | bun up to 1.1.29 API prototype pollution (SNYK-JS-BUN-8499549 / EUVD-2024-3614)

Vuldb Updates
9 months ago
A vulnerability, which was classified as problematic, was found in bun up to 1.1.29. Affected is an unknown function of the component API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is traded as CVE-2024-21548. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware

Cyber Security News
9 months ago

Cybersecurity researchers have uncovered a sophisticated malware campaign where threat actors are exploiting Hangul Word Processor (.hwp) documents to distribute the notorious RokRAT malware. This marks a significant shift from the malware’s traditional distribution method through malicious shortcut (LNK) files, demonstrating the evolving tactics of advanced persistent threat groups. The attack campaign utilizes carefully crafted […]

The post Threat Actors Weaponizing .hwp Files to Deliver RokRAT Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

Elephant APT Group Exploits VLC Player and Encrypted Shellcode in Attacks on Defense Sector

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
9 months ago

Arctic Wolf Labs has uncovered a sophisticated cyber-espionage operation attributed to the Dropping Elephant advanced persistent threat (APT) group, also known as Patchwork or Quilted Tiger, focusing on Turkish defense contractors specializing in precision-guided missile systems. The campaign, which began active operations in July 2025, employs a five-stage execution chain initiated through spear-phishing emails containing […]

The post Elephant APT Group Exploits VLC Player and Encrypted Shellcode in Attacks on Defense Sector appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2022-24765 | Apple Xcode up to 13.3.1 Git access control (HT213261 / EUVD-2022-29592)

Vuldb Updates
9 months ago
A vulnerability, which was classified as critical, has been found in Apple Xcode up to 13.3.1. Affected by this issue is some unknown functionality of the component Git. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2022-24765. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-30165 | Microsoft Windows up to Server 2022 Azure Edition Core Hotpatch Kerberos privilege escalation (EUVD-2022-35373)

Vuldb Updates
9 months ago
A vulnerability was found in Microsoft Windows. It has been rated as critical. This issue affects some unknown processing of the component Kerberos. The manipulation leads to privilege escalation. The identification of this vulnerability is CVE-2022-30165. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2025-0765 | GitLab Community Edition/Enterprise Edition up to 18.0.4/18.1.2/18.2.0 Service Desk Email Address authorization (EUVD-2025-22487 / WID-SEC-2025-1627)

Vuldb Updates
9 months ago
A vulnerability, which was classified as problematic, has been found in GitLab Community Edition and Enterprise Edition up to 18.0.4/18.1.2/18.2.0. Affected by this issue is some unknown functionality of the component Service Desk Email Address Handler. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-0765. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-21542 | luigi up to 3.5.x Archive Extraction _extract_packages_archive path traversal (ID 3301 / EUVD-2024-0098)

Vuldb Updates
9 months ago
A vulnerability was found in luigi up to 3.5.x and classified as problematic. Affected by this issue is the function _extract_packages_archive of the component Archive Extraction Handler. The manipulation leads to path traversal: '\..\filename'. This vulnerability is handled as CVE-2024-21542. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-40680 | Capillary CapillaryScope up to 2.4.x on Windows sensitive missing encryption (EUVD-2025-22510)

Vuldb Updates
9 months ago
A vulnerability classified as problematic was found in Capillary CapillaryScope up to 2.4.x on Windows. This vulnerability affects unknown code. The manipulation of the argument sensitive leads to missing encryption of sensitive data. This vulnerability was named CVE-2025-40680. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-8107 | OB OceanBase Server prior 3.2.4.9/4.2.1.10/4.2.5/4.3.3.2/4.3.4 exposure of resource (EUVD-2025-22483)

Vuldb Updates
9 months ago
A vulnerability was found in OB OceanBase Server. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to exposure of resource. This vulnerability is handled as CVE-2025-8107. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad