Aggregator

A vulnerability classified as critical was found in Zebra ZTC ZT410-203dpi ZPL Printer. This affects an unknown function of the file setvarsResults.cgi of the component POST Handler. The manipulation results in authentication bypass using alternate channel. This vulnerability is known as CVE-2023-4957. Access to the local network is required for this attack. No exploit is available.

A vulnerability, which was classified as problematic, has been found in Dynamic AJAX Product Filters for WooCommerce Plugin up to 1.3.7 on WordPress. This affects an unknown function. This manipulation of the argument Name causes cross site scripting. This vulnerability is tracked as CVE-2025-8073. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as problematic, was found in Dynamic AJAX Product Filters for WooCommerce Plugin up to 1.3.7 on WordPress. This impacts an unknown function. Such manipulation of the argument className leads to cross site scripting. This vulnerability is listed as CVE-2025-6255. The attack may be performed from a remote location. There is no available exploit.

A vulnerability has been found in Acronis Cyber Protect Cloud Agent up to 40077 and classified as critical. This affects an unknown function. Performing manipulation results in externally controlled reference. This vulnerability is identified as CVE-2025-48963. The attack is only possible with local access. There is not any exploit available. The affected component should be upgraded.

Один петаFLOP в корпусе на 140 ватт.

A vulnerability was found in Comfast CF-N1 2.6.0. It has been declared as critical. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. This vulnerability is listed as CVE-2025-9586. The attack may be performed from a remote location. In addition, an exploit is available.

A vulnerability was found in Comfast CF-N1 2.6.0. It has been classified as critical. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. This vulnerability is tracked as CVE-2025-9585. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Comfast CF-N1 2.6.0 and classified as critical. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in command injection. This vulnerability is identified as CVE-2025-9584. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Comfast CF-N1 2.6.0 and classified as critical. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. This vulnerability is referenced as CVE-2025-9583. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The identification of this vulnerability is CVE-2025-9582. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. This vulnerability was named CVE-2025-9581. The attack may be initiated remotely. In addition, an exploit is available.

German prosecutors charged a man with carrying out a damaging cyberattack on Rosneft Deutschland, the German subsidiary of Russia’s state-owned oil giant, in the weeks following Russia's invasion of Ukraine.

Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation that has targeted at least 17 organizations in a variety of economic sectors. The attacker provided Claude Code with a CLAUDE.md file that outlined what they expected of the coding assistant and used the AI tool to … More →

The post Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations appeared first on Help Net Security.

Submit #636137 / VDB-321699

Submit #636136 / VDB-321698

Submit #636131 / VDB-321697

Submit #636130 / VDB-321696

A vulnerability classified as critical was found in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the argument mac leads to os command injection. This vulnerability is uniquely identified as CVE-2025-9580. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of the argument enable causes os command injection. This vulnerability is handled as CVE-2025-9579. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #636128 / VDB-321695