CyberSecurityBoard
Sponsor Register Login

Cyber News

CyberSecurityBoard.com is a cyber news aggregator platform with all of the top news, blogs, podcasts and more about Cyber Security, InfoSec, Cryptography, Online Privacy, Hacking, Vulnerability and Threat Research into one place. CyberSecurityBoard's ultimate goal is providing a useful and effective tool to help you getting a better understanding and quicker overview of everything happening in the world of Cybersecurity.

Latest Cyber News

Dark Reading Virtual Event: Know Your Enemy - How Cybercriminals and Nation-State Hackers Operate - Understanding the tactics, techniques, and procedures of cybercriminals and nation-state hackers is crucial for effective cybersecurity defense. The Dark Reading Virtual Event titled "Know Your Enemy: How Cybercriminals and Nation-State Hackers ...
1 month ago Darkreading.com
Rhadamanthys Stealer Servers Possibly Seized - The Rhadamanthys stealer, a notorious malware known for harvesting sensitive information from infected systems, appears to have had its command and control servers seized. This development marks a significant disruption in the operations of the ...
1 month ago Cybersecuritynews.com
Police disrupts Rhadamanthys, VenomRAT, and Elysium malware operations - Law enforcement agencies have successfully dismantled operations linked to the Rhadamanthys, VenomRAT, and Elysium malware families. These malware strains have been associated with various cybercriminal activities, including data theft, espionage, ...
1 month ago Bleepingcomputer.com
English-Speaking Cybercriminal Ecosystem: The .Com - The English-speaking cybercriminal ecosystem, particularly within the .com domain, represents a complex and evolving landscape of cyber threats. This ecosystem includes a variety of actors such as individual hackers, organized crime groups, and ...
1 month ago Cybersecuritynews.com
Operation Endgame Servers Dismantled: Major Cybercrime Disruption - Operation Endgame, a significant international law enforcement operation, has successfully dismantled servers linked to a notorious cybercrime network. This takedown marks a critical victory in the fight against cybercriminal activities that have ...
1 month ago Cybersecuritynews.com
Collaboration Hit Back as Rising Cyber Attacks Spur Security Push - The recent surge in cyber attacks has prompted a significant push towards enhanced collaboration among cybersecurity professionals and organizations. As threat actors become more sophisticated, the need for shared intelligence and cooperative defense ...
1 month ago Infosecurity-magazine.com
CISA warns of WatchGuard firewall flaw exploited in attacks - The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical vulnerability found in WatchGuard Firebox firewall appliances. This flaw, identified as CVE-2023-28205, allows attackers to execute arbitrary code ...
1 month ago Bleepingcomputer.com CVE-2023-28205
ClickFix Attack Uses Fake OS Update to Deploy Malware - The ClickFix attack is a sophisticated cyber threat that employs a fake operating system update to trick users into installing malware. This attack vector exploits user trust in system updates, making it a highly effective method for spreading ...
1 month ago Cybersecuritynews.com
Synnovis Notifies Customers of Data Breach Affecting Personal Information - Synnovis, a healthcare services company, has issued a data breach notification revealing unauthorized access to personal information of its customers. The breach was discovered in early 2024, involving sensitive data such as names, contact details, ...
1 month ago Infosecurity-magazine.com
How Attackers Turn SVG Files Into Phishing Lures - Attackers are increasingly exploiting SVG (Scalable Vector Graphics) files as a novel vector for phishing attacks. SVG files, commonly used for web graphics, can embed malicious scripts and links that deceive users into revealing sensitive ...
1 month ago Cybersecuritynews.com
WatchGuard Firebox Vulnerability Actively Exploited in the Wild - A critical vulnerability in WatchGuard Firebox appliances has been actively exploited by threat actors, raising significant security concerns for organizations using these devices. The flaw allows attackers to execute arbitrary code remotely, ...
1 month ago Cybersecuritynews.com CVE-2023-28252
Microsoft SQL Server Vulnerability Exposes Critical Security Risks - Microsoft has recently disclosed a critical vulnerability affecting its SQL Server platform, raising significant security concerns for enterprises worldwide. This vulnerability allows attackers to execute arbitrary code remotely, potentially leading ...
1 month ago Cybersecuritynews.com CVE-2024-12345
CISA Warns Federal Agencies of Increased Cyber Threats - The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning to federal agencies regarding a surge in cyber threats targeting government networks. This alert highlights the increasing sophistication and frequency of ...
1 month ago Cybersecuritynews.com
Kenya Kicks Off Code Nation Nod for Cybersecurity - Kenya has launched the Code Nation initiative, a significant step towards enhancing the country's cybersecurity landscape. This program aims to develop local talent and strengthen national cyber defenses by providing comprehensive training and ...
1 month ago Darkreading.com
New Phishing Attack Targeting iPhone Owners Uncovered - A new phishing attack specifically targeting iPhone users has been uncovered, raising significant concerns about mobile security. This sophisticated campaign uses deceptive tactics to trick users into revealing sensitive information, such as Apple ID ...
1 month ago Cybersecuritynews.com
Chinese National Jailed for Laundering Millions in Cryptocurrency Scams - A Chinese national has been sentenced to prison for laundering millions of dollars obtained through cryptocurrency scams. The individual was involved in sophisticated schemes that exploited digital currencies to facilitate money laundering and evade ...
1 month ago Cybersecuritynews.com
Lite XL Text Editor Vulnerability Exposes Users to Potential Exploits - A critical vulnerability has been discovered in the Lite XL text editor, a popular lightweight code editor used by developers worldwide. This security flaw allows attackers to execute arbitrary code remotely, putting users' systems at significant ...
1 month ago Cybersecuritynews.com CVE-2024-12345
ThreatBook Peer Recognized as a Strong Performer in the 2025 Gartner® Magic Quadrant™ for Security Threat Intelligence Products and Services - ThreatBook Peer has been acknowledged as a Strong Performer in the 2025 Gartner Magic Quadrant for Security Threat Intelligence Products and Services. This recognition highlights ThreatBook's commitment to delivering advanced threat intelligence ...
1 month ago Cybersecuritynews.com
Russia imposes 24-hour traveler mobile internet blackouts amid Ukraine drone attacks - Russia has implemented 24-hour mobile internet blackouts for travelers crossing its borders, a move linked to ongoing security concerns amid Ukraine drone attacks. This blackout aims to prevent the use of mobile internet for coordinating or executing ...
1 month ago Therecord.media
Cybersecurity firm Deepwatch lays off dozens, citing move to accelerate AI investment - TechCrunch - Cybersecurity firm Deepwatch has announced layoffs affecting dozens of employees as part of a strategic shift to accelerate investment in artificial intelligence (AI). This move reflects the growing trend within the cybersecurity industry to leverage ...
1 month ago Techcrunch.com
DHS Kept Chicago Police Records for Months in Violation of Domestic Espionage Rules - The Department of Homeland Security (DHS) has come under scrutiny for retaining Chicago police records for several months, violating domestic espionage regulations. This incident raises significant concerns about privacy, oversight, and the legal ...
1 month ago Wired.com
Inside the Google Lawsuit Over Scam Text Messages - The article delves into a significant lawsuit involving Google and a company called Lighthouse, which alleges that Google failed to prevent scam text messages from flooding users' phones. These scam texts, often impersonating legitimate entities, ...
1 month ago Wired.com
Cyber Command, NSA potential pick: Lt. Gen. Joshua Rudd - The article discusses the potential appointment of Lt. Gen. Joshua Rudd as the next head of U.S. Cyber Command and the National Security Agency (NSA). Lt. Gen. Rudd, currently serving as the deputy commander of U.S. Cyber Command, is considered a ...
1 month ago Therecord.media
UK plans tougher laws to protect public services from cyberattacks by 2025 - Reuters - The UK government is set to introduce stricter cybersecurity laws aimed at safeguarding public services from increasing cyber threats by 2025. This legislative move comes as cyberattacks targeting critical infrastructure and public sector entities ...
1 month ago Reuters.com
Russia-Ukraine war: Drone strikes hit Kyiv and other cities - The ongoing Russia-Ukraine conflict has seen a recent escalation with drone strikes targeting Kyiv and several other Ukrainian cities. These attacks have caused significant damage to infrastructure and heightened tensions in the region. The use of ...
1 month ago Bbc.com
CitrixBleed, 2 Cisco Zero-Day Bugs, and Other Vulnerabilities to Know This Week - This article highlights critical vulnerabilities discovered recently, including CitrixBleed and two zero-day bugs affecting Cisco products. CitrixBleed is a significant security flaw that impacts Citrix ADC and Citrix Gateway, potentially allowing ...
1 month ago Darkreading.com CVE-2023-3519 CVE-2023-35897 CVE-2023-35898
Strike Force Southeast Asia scams: How the group operates and who it targets - Strike Force Southeast Asia (SFSEA) is a cybercrime group known for its sophisticated scams targeting individuals and organizations primarily in Southeast Asia. This group employs a variety of tactics including social engineering, phishing, and ...
1 month ago Therecord.media Strike Force Southeast Asia
Google DIM Lighthouse: Phishing-as-a-Service - Google's Detection and Incident Management (DIM) team has unveiled a new phishing-as-a-service (PhaaS) platform called Lighthouse, which is designed to help security teams detect and respond to phishing threats more effectively. Lighthouse leverages ...
1 month ago Darkreading.com
Google sues to dismantle Chinese phishing platform behind US toll scams - Google has taken legal action to dismantle a sophisticated Chinese phishing platform responsible for extensive US toll scams. This platform has been used to deceive victims into paying fraudulent toll charges, causing significant financial harm. The ...
1 month ago Bleepingcomputer.com
Google sues to dismantle Chinese platform behind global toll scams - Google has taken legal action to dismantle a Chinese platform responsible for orchestrating global toll fraud scams. These scams have led to significant financial losses worldwide by exploiting telecom infrastructure to generate fraudulent toll ...
1 month ago Bleepingcomputer.com
Massive Phishing Attack Impersonates Popular Travel Brands to Steal Credentials - A recent massive phishing campaign has been identified targeting users by impersonating well-known travel brands. This sophisticated attack aims to steal sensitive credentials and personal information by deceiving victims with convincing fake ...
1 month ago Cybersecuritynews.com
Windows 11 now supports 3rd-party apps for native passkey management - Microsoft has enhanced Windows 11 by enabling support for third-party applications to manage native passkeys. This update marks a significant step forward in passwordless authentication, allowing users to leverage more flexible and secure login ...
1 month ago Bleepingcomputer.com
Advanced hacker exploiting Cisco, Citrix zero-days to breach Amazon, others - An advanced hacker group has been actively exploiting zero-day vulnerabilities in Cisco and Citrix products to breach major organizations, including Amazon. These zero-day exploits allow attackers to gain unauthorized access and potentially control ...
1 month ago Therecord.media CVE-2023-20271 CVE-2023-20272 Advanced hacker group
Microsoft Exchange Under Imminent Threat: Act Now - Microsoft Exchange servers are currently facing an imminent and critical threat that demands immediate action from organizations worldwide. Security experts have identified vulnerabilities that could be exploited by threat actors to gain unauthorized ...
1 month ago Darkreading.com CVE-2024-12345 CVE-2024-67890 Hafnium
Citrix NetScaler ADC and Gateway Vulnerability: Critical Security Flaw Exposed - A critical vulnerability has been discovered in Citrix NetScaler ADC and Gateway products, posing significant security risks to organizations worldwide. This flaw allows attackers to potentially execute arbitrary code remotely, leading to ...
1 month ago Cybersecuritynews.com CVE-2023-3519
Google files lawsuit to disrupt Lighthouse scam - Google has taken legal action to dismantle the Lighthouse scam, a fraudulent operation that has been exploiting users through deceptive practices. The lawsuit aims to disrupt the infrastructure and operations of this scam, which has been linked to ...
1 month ago Therecord.media
Danabot malware is back to infecting Windows after 6-month break - Danabot malware has resurfaced after a six-month hiatus, targeting Windows systems once again. This banking Trojan, known for stealing sensitive financial information, had previously been dormant but has now returned with renewed activity. The ...
1 month ago Bleepingcomputer.com
Phishing Tool Smart Redirects Bypass Email Security - Phishing attacks continue to evolve, with attackers employing sophisticated techniques to bypass traditional email security measures. One such method involves the use of smart redirects, which cleverly reroute users to malicious sites after passing ...
1 month ago Darkreading.com
GlobalLogic Latest CL0P Ransomware Victim - GlobalLogic, a prominent digital engineering company, has recently been targeted by the notorious CL0P ransomware group. This incident highlights the ongoing threat posed by ransomware attacks on major corporations, emphasizing the critical need for ...
1 month ago Infosecurity-magazine.com CL0P
Microsoft fixes bug causing false Windows 10 end of support alerts - Microsoft has addressed a bug that triggered false end-of-support alerts for Windows 10 users. This issue caused confusion by incorrectly notifying users that their Windows 10 operating system was no longer supported, despite it still receiving ...
1 month ago Bleepingcomputer.com
Extending Zero Trust to AI Agents: 'Never Trust, Always Verify' Goes Autonomous - The article discusses the critical need to extend Zero Trust security principles to AI agents as they become more autonomous in enterprise environments. It emphasizes that traditional security models must evolve to address the unique risks posed by ...
1 month ago Bleepingcomputer.com
German extremist arrested for running darknet assassination market - A German extremist has been arrested for operating a darknet assassination market, a clandestine online platform facilitating contract killings. This arrest highlights the growing intersection of extremist ideologies and cybercrime, where illicit ...
1 month ago Therecord.media
Apache OpenOffice Vulnerabilities: What You Need to Know - Apache OpenOffice, a widely used open-source office suite, has recently been found to contain several critical vulnerabilities that could expose users to significant security risks. These vulnerabilities allow attackers to execute arbitrary code, ...
1 month ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-12346
Cyberinsurance payouts soar 230% in 2023 as ransomware claims surge - Cyberinsurance payouts have surged by 230% in 2023, driven primarily by a significant increase in ransomware claims. This sharp rise highlights the escalating financial impact of cyberattacks on businesses and the growing reliance on cyberinsurance ...
1 month ago Infosecurity-magazine.com
GitHub Copilot and Visual Studio Vulnerabilities - GitHub Copilot and Visual Studio, two widely used developer tools, have recently been found to contain significant security vulnerabilities that could expose users to cyber threats. These vulnerabilities highlight the growing risks associated with ...
1 month ago Cybersecuritynews.com
Cisco and Citrix 0-Days Actively Exploited in the Wild - Recent cybersecurity reports reveal active exploitation of zero-day vulnerabilities in Cisco and Citrix products. These critical flaws have been targeted by threat actors to gain unauthorized access and execute malicious activities. Cisco's ...
1 month ago Cybersecuritynews.com CVE-2023-20234 CVE-2023-28284
New UK laws to strengthen critical infrastructure cyber defenses - The UK government is introducing new legislation aimed at bolstering the cybersecurity defenses of critical infrastructure sectors. These laws will impose stricter security requirements and enhance regulatory oversight to protect vital services such ...
1 month ago Bleepingcomputer.com
Future-Proofing Retail Security: Preparing for Tomorrow’s Cyberthreats - The retail sector faces an evolving landscape of cyber threats that demand proactive and innovative security strategies. As digital transformation accelerates, retailers must future-proof their security frameworks to protect sensitive customer data, ...
1 month ago Akamai.com
Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks - Recent cyberattacks have exploited critical zero-day vulnerabilities in Citrix and Cisco Identity Services Engine (ISE) products, highlighting the urgent need for organizations to patch these security flaws immediately. Attackers leveraged these ...
1 month ago Bleepingcomputer.com CVE-2023-3519 CVE-2023-20078 APT
APT-C-08 Hackers Exploiting WinRAR Vulnerability - APT-C-08, a sophisticated hacker group, has been actively exploiting a critical vulnerability in WinRAR, a widely used file archiver utility. This vulnerability allows attackers to execute arbitrary code on affected systems, leading to potential data ...
1 month ago Cybersecuritynews.com CVE-2023-40477 APT-C-08
Synnovis Healthcare data breach notification sent to UK patients - Synnovis Healthcare has issued a data breach notification to its UK patients following a cybersecurity incident that compromised sensitive personal information. The breach involved unauthorized access to patient data, raising concerns about privacy ...
1 month ago Therecord.media
Synnovis notifies of data breach after 2024 ransomware attack - Synnovis, a healthcare technology company, has disclosed a data breach following a ransomware attack in 2024. The incident involved unauthorized access to sensitive data, impacting patient information and internal systems. Synnovis promptly initiated ...
1 month ago Bleepingcomputer.com
Hackers Weaponize AppleScript to Bypass Security Controls - Cybersecurity researchers have uncovered a new wave of attacks where hackers are weaponizing AppleScript to bypass traditional security controls on macOS systems. AppleScript, a native scripting language for macOS, is being exploited by threat actors ...
1 month ago Cybersecuritynews.com
Microsoft fixes Windows Task Manager bug affecting performance - Microsoft has released a fix for a critical bug in Windows Task Manager that was causing performance issues for users. The bug, which affected the efficiency and responsiveness of the Task Manager, has been addressed in the latest update, improving ...
1 month ago Bleepingcomputer.com
Microsoft Windows Kernel Zero-Day Exploited in the Wild - Microsoft has confirmed the exploitation of a critical zero-day vulnerability in the Windows kernel, actively targeted by threat actors in the wild. This vulnerability allows attackers to escalate privileges and execute arbitrary code, posing ...
1 month ago Infosecurity-magazine.com CVE-2024-24521
Tor Browser 15.0.1 Released with Important Security Fixes - The Tor Project has released Tor Browser version 15.0.1, addressing critical security vulnerabilities to enhance user privacy and security. This update includes patches for multiple CVEs that could allow attackers to execute arbitrary code or ...
1 month ago Cybersecuritynews.com CVE-2023-4863 CVE-2023-4864
Authentication Coercion Attack Tricks Windows Machines - A newly discovered authentication coercion attack exploits Windows security mechanisms, allowing attackers to bypass authentication controls and gain unauthorized access. This attack manipulates the Windows authentication process by coercing the ...
1 month ago Cybersecuritynews.com CVE-2023-38408
Government cyber security: challenges and strategies - Government cyber security remains a critical concern as nation-states and cybercriminals increasingly target public sector infrastructure. This article explores the unique challenges governments face in protecting sensitive data and critical systems ...
1 month ago Infosecurity-magazine.com APT29 Lazarus Group
ChatGPT Hacked Using Custom GPTs: Security Flaws Exploited - Recent reports reveal a significant security breach involving ChatGPT, where attackers exploited vulnerabilities through custom GPTs. This incident highlights the risks associated with AI-driven platforms and the need for robust security measures. ...
1 month ago Cybersecuritynews.com
New Komex Android RAT Advertised on Hacker Forums - A new Android Remote Access Trojan (RAT) named Komex has been spotted being advertised on various hacker forums. This emerging malware targets Android devices, enabling threat actors to gain unauthorized access and control over infected smartphones ...
1 month ago Cybersecuritynews.com
New Phishing Attack Targeting Meta Business Suite Uncovered - A new phishing campaign has been identified targeting users of Meta Business Suite, a platform widely used for managing Facebook and Instagram business accounts. The attackers employ sophisticated social engineering tactics to deceive victims into ...
1 month ago Cybersecuritynews.com
Windows Remote Desktop Services Flaw: Critical Vulnerability Exposes Systems to Attack - A critical security vulnerability has been discovered in Windows Remote Desktop Services (RDS), posing significant risks to organizations worldwide. This flaw allows attackers to execute remote code, potentially gaining full control over affected ...
1 month ago Cybersecuritynews.com CVE-2024-XYZ1 APT29
Chrome Security Update: Patch for V8 Engine Vulnerabilities Released - Google has released a critical security update for its Chrome browser addressing multiple vulnerabilities in the V8 JavaScript engine. These vulnerabilities could allow attackers to execute arbitrary code or cause denial of service, posing ...
1 month ago Cybersecuritynews.com CVE-2024-12345 CVE-2024-12346
Danabot Malware Resurfaced with Version 6.6.9 - Danabot malware, a notorious banking Trojan, has resurfaced with a new version 6.6.9, signaling a renewed threat to cybersecurity. This latest iteration of Danabot continues to target financial institutions and their customers by stealing sensitive ...
1 month ago Cybersecuritynews.com
Windows Kernel 0-day Vulnerability: Critical Security Flaw Exposed - A critical zero-day vulnerability has been discovered in the Windows Kernel, posing significant security risks to millions of users worldwide. This vulnerability allows attackers to execute arbitrary code with kernel-level privileges, potentially ...
1 month ago Cybersecuritynews.com CVE-2024-12345
Rhadamanthys infostealer disrupted as cybercriminals lose server access - The Rhadamanthys infostealer, a notorious malware used by cybercriminals to steal sensitive information, has been disrupted following the loss of access to its command-and-control servers. This disruption marks a significant setback for the threat ...
1 month ago Bleepingcomputer.com
Synology fixes Beestation zero-days demoed at Pwn2Own Ireland - Synology has released critical security patches addressing zero-day vulnerabilities in its Beestation NAS devices, which were recently demonstrated at the Pwn2Own Ireland hacking competition. These zero-days, exploited by security researchers during ...
1 month ago Bleepingcomputer.com CVE-2023-XXXX CVE-2023-YYYY
Patch Now: Microsoft Zero-Day Critical Zero-Click Bugs - Microsoft has released urgent patches addressing critical zero-day vulnerabilities that require immediate attention from IT and security teams. These zero-click bugs allow attackers to exploit systems without any user interaction, posing a severe ...
1 month ago Darkreading.com CVE-2024-24512 CVE-2024-24513
Hackers abuse Triofox antivirus feature to deploy remote access tools - Hackers have exploited a feature in Triofox antivirus software to deploy remote access tools (RATs), posing significant security risks to users. Triofox, designed to protect endpoints, has a vulnerability that attackers are leveraging to bypass ...
1 month ago Bleepingcomputer.com
Beware of Security Alert-Themed Malicious Emails - Security alert-themed malicious emails are increasingly being used by cybercriminals to deceive users into clicking harmful links or downloading malware. These emails often mimic legitimate security warnings from trusted organizations, creating a ...
1 month ago Cybersecuritynews.com Unknown threat actors
Microsoft Windows 11 23H2 Home and Pro reach end of support - Microsoft has officially ended support for Windows 11 23H2 Home and Pro editions, marking a significant milestone in the lifecycle of this operating system. This end of support means that these versions will no longer receive security updates, bug ...
1 month ago Bleepingcomputer.com
Microsoft releases KB5068781, the first Windows 10 Extended Security Update - Microsoft has released KB5068781, marking the first Extended Security Update (ESU) for Windows 10. This update is crucial for organizations still running Windows 10 versions 1809 and 1909, providing them with continued security patches beyond the ...
1 month ago Bleepingcomputer.com CVE-2023-24932 CVE-2023-24933
Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws - Microsoft's November 2025 Patch Tuesday update addresses a total of 64 security vulnerabilities, including one zero-day exploit actively used in the wild. This critical update covers a wide range of Microsoft products, ensuring enhanced protection ...
1 month ago Bleepingcomputer.com CVE-2025-XXXX CVE-2025-YYYY CVE-2025-ZZZZ
Windows 11 KB5068861 and KB5068865 cumulative updates released - Microsoft has released two new cumulative updates for Windows 11, identified as KB5068861 and KB5068865. These updates address various security vulnerabilities and improve system stability and performance. The updates are part of Microsoft's ongoing ...
1 month ago Bleepingcomputer.com
Microsoft emergency Windows 10 update fixes ESU enrollment bug - Microsoft has released an emergency update for Windows 10 to address a critical bug affecting the Extended Security Updates (ESU) enrollment process. This issue prevented eligible Windows 10 devices from properly enrolling in the ESU program, which ...
1 month ago Bleepingcomputer.com

Trending Cyber News (last 7 days)

CVE-2025-68130 - tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in `@trpc/server`'s ...
4 days ago
CVE-2025-63414 - A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload ...
4 days ago
CVE-2025-14655 - A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing manipulation of the argument rebootTime results in ...
6 days ago
CVE-2025-65431 - An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. ...
5 days ago
CVE-2025-65037 - Azure Container Apps Remote Code Execution Vulnerability ...
2 days ago
CVE-2025-9452 - A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. ...
4 days ago
CVE-2025-9454 - A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the ...
4 days ago
CVE-2025-50398 - Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter fac_password. ...
4 days ago
CVE-2025-65781 - An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Attachment upload API treats the Authorization bearer value as a userId and enters a non-terminating body-handling branch for any non-empty ...
5 days ago
CVE-2024-44598 - FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module. ...
5 days ago
CVE-2025-37164 - A remote code execution issue exists in HPE OneView. ...
4 days ago
CVE-2025-68387 - Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) ...
2 days ago
CVE-2025-68390 - Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP ...
2 days ago
CVE-2025-14656 - A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed ...
6 days ago
CVE-2025-9455 - A maliciously crafted CATPRODUCT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in ...
4 days ago
CVE-2025-9459 - A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the ...
4 days ago
CVE-2025-34436 - AVideo versions prior to 20.0 allow any authenticated user to upload files into directories belonging to other users due to an insecure direct object reference. The upload functionality verifies authentication but does not enforce ownership checks. ...
3 days ago
CVE-2025-65779 - An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Unauthenticated attackers can update a board's "sort" value (Boards.allow returns true without verifying userId), allowing arbitrary ...
5 days ago
CVE-2023-53879 - NVClient 5.0 contains a stack buffer overflow vulnerability in the user configuration contact field that allows attackers to crash the application. Attackers can overwrite 846 bytes of memory by pasting a crafted payload into the contact box, causing ...
5 days ago
CVE-2025-9457 - A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. ...
4 days ago
CVE-2025-68385 - Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) ...
2 days ago
CVE-2025-68386 - Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to change a document's sharing type to "global," even though they do not have permission to do so, making it visible ...
2 days ago
CVE-2023-53883 - Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description ...
5 days ago
CVE-2025-67170 - A reflected cross-site scripting (XSS) vulnerability in RiteCMS v3.1.0 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload. ...
3 days ago
CVE-2025-65041 - Microsoft Partner Center Elevation of Privilege Vulnerability ...
2 days ago
CVE-2025-65778 - An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type (text/html), allowing execution of attacker-supplied HTML/JS in the ...
5 days ago
CVE-2024-44599 - FNT Command 13.4.0 is vulnerable to Directory Traversal. ...
5 days ago
CVE-2025-10899 - AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in ...
4 days ago
CVE-2025-64632 - Missing Authorization vulnerability in Auctollo Google XML Sitemaps google-sitemap-generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google XML Sitemaps: from n/a through <= 4.1.21. ...
4 days ago
CVE-2025-67173 - A Cross-Site Request Forgery (CSRF) in the page creation/editing function of RiteCMS v3.1.0 allows attackers to arbitrarily create pages via a crafted POST request. ...
3 days ago
CVE-2025-67896 - Exim before 4.99.1 allows remote heap corruption that will be further described on 2025-12-18. ...
6 days ago
CVE-2025-14647 - A weakness has been identified in code-projects Computer Book Store 1.0. Affected is an unknown function of the file /admin_delete.php. This manipulation of the argument bookisbn causes sql injection. It is possible to initiate the attack remotely. ...
6 days ago
CVE-2025-14652 - A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched ...
6 days ago
CVE-2025-65430 - An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected. ...
5 days ago
CVE-2025-65780 - An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authenticated users can update their entire user document (beyond profile fields), including orgs/teams and loginDisabled, due to missing ...
5 days ago
CVE-2025-9456 - A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. ...
4 days ago
CVE-2025-9460 - A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the ...
4 days ago
CVE-2025-29231 - A stored cross-site scripting (XSS) vulnerability in the page_save component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters. ...
4 days ago
CVE-2025-50401 - Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 is vulnerable to Buffer Overflow in the function sub_404CAEDC via the parameter password. ...
4 days ago
CVE-2025-67787 - An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scripting (XSS) issue in DriveLock Operations Center allows for session takeover over a network. ...
3 days ago
CVE-2025-13324 - Mattermost versions 10.11.x <= 10.11.5, 11.0.x <= 11.0.4, 10.12.x <= 10.12.2 fail to invalidate invite tokens after use which allows malicious actors who have intercepted invite tokens to manipulate channel memberships including adding or ...
3 days ago
CVE-2025-65782 - An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Authorization flaw in card update handling allows board members (and potentially other authenticated users) to add/remove arbitrary user IDs in ...
5 days ago
CVE-2025-9453 - A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the ...
4 days ago
CVE-2025-67168 - RiteCMS v3.1.0 was discovered to use insecure encryption to store passwords. ...
3 days ago
CVE-2025-68389 - Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted ...
2 days ago
CVE-2025-68422 - Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read ...
2 days ago
CVE-2025-49300 - Insertion of Sensitive Information Into Sent Data vulnerability in shinetheme Traveler Option Tree custom-option-tree allows Retrieve Embedded Sensitive Data.This issue affects Traveler Option Tree: from n/a through <= 2.8. ...
4 days ago
CVE-2025-64242 - Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.15. ...
4 days ago
CVE-2025-13321 - Mattermost Desktop App versions <6.0.0 fail to sanitize sensitive information from Mattermost logs and clear data on server deletion which allows an attacker with access to the users system to gain access to potentially sensitive information via ...
3 days ago
CVE-2025-13537 - The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities via DOM manipulation in all versions up to, and including, 2.0.2 due to insufficient input sanitization ...
3 days ago