Aggregator

CVE-2025-47933 | argocd Argo CD Repository Page cross site scripting (Nessus ID 237422)

Vuldb Updates
10 months ago
A vulnerability marked as problematic has been reported in argocd. This vulnerability affects unknown code of the component Argo CD Repository Page. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-47933. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

New Cephalus Ransomware Leverages Remote Desktop Protocol to Gain Initial Access

Cyber Security News
10 months ago

A newly identified ransomware strain named Cephalus has emerged as a sophisticated threat, targeting organizations through compromised Remote Desktop Protocol (RDP) connections. The malware, which takes its name from Greek mythology referencing the son of Hermes who tragically killed his wife with an infallible javelin, represents a concerning evolution in ransomware deployment techniques. Cephalus distinguishes […]

The post New Cephalus Ransomware Leverages Remote Desktop Protocol to Gain Initial Access appeared first on Cyber Security News.

Tushar Subhra Dutta

IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
10 months ago

A critical vulnerability in IPFire 2.29’s web-based firewall interface (firewall.cgi) allows authenticated administrators to inject persistent JavaScript code, leading to session hijacking, unauthorized actions, or internal network pivoting. Tracked as CVE-2025-50975, this stored cross-site scripting (XSS) flaw poses significant risk in environments where multiple administrators share firewall management duties. Details of the Flaw The vulnerability […]

The post IPFire Firewall Admin Panel Vulnerability Enables Persistent JavaScript Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
10 months ago

The Cybersecurity and Infrastructure Security Agency (CISA) released three Industrial Control Systems (ICS) advisories on August 26, 2025, detailing nine critical vulnerabilities in INVT VT-Designer and HMITool (CVSS v4 8.5). Multiple flaws in Schneider Electric Modicon M340 controllers (CVSS v4 scores up to 9.1), and several issues in Danfoss AK-SM 8xxA Series drives (CVSS v3.1 […]

The post CISA Issues New ICS Advisories on Critical Vulnerabilities and Exploits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Google 在翻译应用中加入 AI 驱动的语言学习功能

Solidot
10 months ago
Google 正在其翻译应用(Translate app)中加入 AI 驱动的语言学习功能,进入了著名学习平台多邻国的领域。新的 Beta 学习功能使用 Gemini AI 模型生成定制课程。英语用户可以学习西班牙语和法语,西班牙语、法语和葡萄牙语用户可以学习英语。用户可以选择自己的语言水平和学习目标,创建定制学习场景,从专业对话到家庭互动。

CVE-2017-2299 | puppetlabs-apache up to 1.11.0/2.0.x ssl_certs_dir 7pk security (Nessus ID 255084 / BID-100859)

Vuldb Updates
10 months ago
A vulnerability, which was classified as critical, was found in puppetlabs-apache up to 1.11.0/2.0.x. Impacted is an unknown function. Executing manipulation of the argument ssl_certs_dir can lead to 7pk security features. This vulnerability appears as CVE-2017-2299. The attack may be performed from a remote location. There is no available exploit. You should upgrade the affected component.
vuldb.com

CVE-2018-12322 | radare2 2.6.0 libr/anal/p/anal_6502.c 6502_op Java Binary File out-of-bounds (Nessus ID 255085)

Vuldb Updates
10 months ago
A vulnerability was found in radare2 2.6.0. It has been classified as critical. This affects the function 6502_op of the file libr/anal/p/anal_6502.c. Performing manipulation as part of Java Binary File results in out-of-bounds read. This vulnerability was named CVE-2018-12322. The attack needs to be approached locally. There is no available exploit.
vuldb.com

CVE-2016-8678 | ImageMagick 7.0.3.0 File pixel-accessor.h IsPixelMonochrome out-of-bounds (Nessus ID 255087 / BID-93599)

Vuldb Updates
10 months ago
A vulnerability was found in ImageMagick 7.0.3.0. It has been classified as problematic. Affected is the function IsPixelMonochrome of the file MagickCore/pixel-accessor.h of the component File Handler. This manipulation causes out-of-bounds read. This vulnerability is tracked as CVE-2016-8678. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2018-20199 | Freeware Advanced Audio Decoder 2.8.8 libfaad/filtbank.c ifilter_bank null pointer dereference (Issue 24 / Nessus ID 255088)

Vuldb Updates
10 months ago
A vulnerability labeled as problematic has been found in Freeware Advanced Audio Decoder 2.8.8. Affected by this issue is the function ifilter_bank of the file libfaad/filtbank.c. Such manipulation leads to null pointer dereference. This vulnerability is documented as CVE-2018-20199. The attack needs to be performed locally. There is not any exploit available.
vuldb.com

CVE-2024-8069 | Citrix Session Recording/Virtual Apps and Desktops deserialization (CTX691941 / WID-SEC-2024-3443)

Vuldb Updates
10 months ago
A vulnerability, which was classified as problematic, was found in Citrix Session Recording and Virtual Apps and Desktops. Affected by this vulnerability is an unknown functionality. Such manipulation leads to deserialization. This vulnerability is traded as CVE-2024-8069. Access to the local network is required for this attack to succeed. Furthermore, there is an exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-3478 | OpenText Enterprise Security Manager up to 7.8.1 cross site scripting (EUVD-2025-25704 / WID-SEC-2025-1904)

Vuldb Updates
10 months ago
A vulnerability identified as problematic has been detected in OpenText Enterprise Security Manager up to 7.8.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-3478. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2024-8068 | Citrix Session Recording/Virtual Apps and Desktops privileges management (CTX691941 / EUVD-2024-49530)

Vuldb Updates
10 months ago
A vulnerability was found in Citrix Session Recording and Virtual Apps and Desktops and classified as critical. This vulnerability affects unknown code. The manipulation results in improper privilege management. This vulnerability is reported as CVE-2024-8068. The attacker must have access to the local network to execute the attack. Moreover, an exploit is present. It is suggested to upgrade the affected component.
vuldb.com

Managed ad