CyberSecurityBoard
Sponsor Register Login

CVE-2025-0400

A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

This Cyber News was published on www.tenable.com. Publication date: Mon, 13 Jan 2025 13:11:03 +0000


Cyber News related to CVE-2025-0400

Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
11 months ago Bleepingcomputer.com
CVE-2025-0400 - A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. ...
1 day ago Tenable.com
CVE-2025-0246 - When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This ...
6 days ago Tenable.com
Zebra ZTC Industrial ZT400 and ZTC Desktop GK420d - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker to send specially crafted packets to change credentials without any prior authentication. A vulnerability of authentication bypass has been found in Zebra ...
1 year ago Cisa.gov
UK to replace physical biometric immigration cards with e-visas - By 2025, Britain is set to ditch physical immigration status documents such as Biometric Residence Permits and Biometric Residence Cards in a bid to make its borders digital, which is in-line with developed countries like Australia. Presently, ...
11 months ago Bleepingcomputer.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
7 months ago Cisa.gov
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
1 year ago Bleepingcomputer.com
King Charles III signs off on UK Online Safety Act The Register - With the assent of King Charles, the United Kingdom's Online Safety Act has become law, one that the British government says will "Make the UK the safest place in the world to be online." The Online Safety Act, which began in April 2019 as the Online ...
1 year ago Theregister.com
The Momentum, the Margin and the "Magic" with Cisco MSP Partners - The momentum of Cisco's Managed Service Provider partners is undeniable. A recent Canalys study¹ indicates that a striking 79% of partners anticipate growth in this sector in 2023, with 56% expecting growth rates to exceed 10%. By 2027, the managed ...
1 year ago Feedpress.me
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
1 year ago Bleepingcomputer.com
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
1 year ago Bleepingcomputer.com
Microsoft Will Charge for Windows 10 Security Updates in 2025 - All good things must come to an end, and a decade after its first release, Windows 10 will finally be sent to a farm upstate. It had a good run, though Microsoft plans to keep dropping security updates after the OS' demise on Oct. 14, 2025. Just be ...
1 year ago Packetstormsecurity.com
Microsoft Exchange 2019 has reached end of mainstream support - Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. Starting today, the company says it will no longer accept requests for bug fixes and Design Change Requests, but it ...
1 year ago Bleepingcomputer.com
Generative AI's enterprise gamble: IT leaders bet big on tech despite security woes - Enterprise IT teams are moving swiftly to adopt generative artificial intelligence systems like ChatGPT, according to a new report from Glean and ISG. The report found that IT leaders see generative AI as transformational and are willing to increase ...
11 months ago Venturebeat.com
Microsoft is bringing the Linux sudo command to Windows Server - Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications. Superuser do, or sudo, is a Linux console program that allows low-privileged users to execute a ...
11 months ago Bleepingcomputer.com
Windows 11 KB5037853 update fixes File Explorer issues, 20 bugs - Microsoft has released the May 2024 non-security preview update for Windows 11 versions 22H2 and 23H2, which includes 32 fixes and changes. Among this cumulative update's highlights, Microsoft mentions fixing an issue causing the Windows File ...
7 months ago Bleepingcomputer.com
Tesla Issues Fourth Recall For Cybertruck - Most Cybertrucks in the United States are being recalled over problems with windshield wipers and exterior trim. Elon Musk's Tesla is once again having to issue a recall for thousands of its slab-sided Cybertruck vehicles due to a couple of ...
6 months ago Silicon.co.uk
CVE-2021-47489 - In the Linux kernel, the following vulnerability has been resolved: ...
7 months ago
CVE-2009-3648 - Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when ...
7 years ago
CVE-2016-0400 - CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks ...
7 years ago
CVE-2013-0400 - Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs. ...
7 years ago
CVE-1999-0400 - Denial of service in Linux 2.2.0 running the ldd command on a core file. ...
16 years ago
CVE-2001-0400 - nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. ...
16 years ago
CVE-2006-6680 - Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file. ...
16 years ago
CVE-2002-0400 - ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in ...
16 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)