Aggregator

CVE-2016-15045 | Wuhan Deepin Linux up to 0.9.53-1/0.9.66-1/15.5/15.7 lastore-daemon InstallPackage missing authentication (Exploit 39433 / EDB-39433)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in Wuhan Deepin Linux up to 0.9.53-1/0.9.66-1/15.5/15.7. It has been declared as critical. Affected by this vulnerability is the function InstallPackage of the component lastore-daemon. The manipulation leads to missing authentication. This vulnerability is known as CVE-2016-15045. Local access is required to approach this attack. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-33020 | IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1 missing encryption (EUVD-2025-22451)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to missing encryption of sensitive data. This vulnerability is traded as CVE-2025-33020. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Akira

Dark Feed IO
6 months 3 weeks ago

You must login to view this content

cohenido

CVE-2017-20198 | D2iQ DC OS Marathon up to 1.8.x Docker Container permission assignment (Exploit 42134 / EDB-42134)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability, which was classified as very critical, has been found in D2iQ DC OS Marathon up to 1.8.x. Affected by this issue is some unknown functionality of the component Docker Container Handler. The manipulation leads to incorrect permission assignment. This vulnerability is handled as CVE-2017-20198. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-33077 | IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1 memory corruption

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability classified as critical was found in IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-33077. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-33076 | IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1 memory corruption (EUVD-2025-22452)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability classified as critical has been found in IBM Engineering Systems Design Rhapsody 9.0.2/10.0/10.0.1. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2025-33076. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-46099 | Pluck CMS up to 4.7.20-dev Albums Module albums.site.php unrestricted upload

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in Pluck CMS up to 4.7.20-dev. It has been rated as critical. This issue affects some unknown processing of the file albums.site.php of the component Albums Module. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2025-46099. The attack may be initiated remotely. There is no exploit available.
vuldb.com

Akira

Dark Feed IO
6 months 3 weeks ago

You must login to view this content

cohenido

CVE-2025-8069 | Amazon AWS Client VPN up to 5.2.1 on Windows OpenSSL Configuration File default permission (AWS-2025-014 / EUVD-2025-22458)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in Amazon AWS Client VPN up to 5.2.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component OpenSSL Configuration File Handler. The manipulation leads to incorrect default permissions. This vulnerability was named CVE-2025-8069. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2015-10141 | Xdebug up to 2.5.5 Debugger Protocol Command os command injection (EDB-44568)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in Xdebug up to 2.5.5 and classified as critical. Affected by this issue is some unknown functionality of the component Debugger Protocol Command Handler. The manipulation leads to os command injection. This vulnerability is handled as CVE-2015-10141. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-46171 | vBulletin 3.8.7 Buddy List misc.php?do=buddylist denial of service (EUVD-2025-22462)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability has been found in vBulletin 3.8.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file misc.php?do=buddylist of the component Buddy List Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-46171. The attack can be launched remotely. There is no exploit available.
vuldb.com

CVE-2018-25114 | osCommerce Online Merchant 2.3.4.1 HTTP POST Requst install_4.php unrestricted upload (Exploit 44374 / EDB-44374)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability, which was classified as critical, was found in osCommerce Online Merchant 2.3.4.1. Affected is an unknown function of the file install_4.php of the component HTTP POST Requst Handler. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2018-25114. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-36116 | IBM DB2 Mirror for i 7.4/7.5/7.6 Websocket Connection missing origin validation in websockets

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in IBM DB2 Mirror for i 7.4/7.5/7.6. This issue affects some unknown processing of the component Websocket Connection Handler. The manipulation leads to missing origin validation in websockets. The identification of this vulnerability is CVE-2025-36116. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

气候变化导致森林火灾日益常见

Solidot
6 months 3 weeks ago
根据发表在 PNAS 期刊上的一项研究,气候变化正导致极端严重的森林火灾日益常见。2023 年和 2024 年是有记录以来最热的年份,全球逾 7800 万英亩森林被烧毁。火灾将浓烟和数十亿吨二氧化碳排放到大气中,数百万人因此面临恶劣的空气质量。对卫星图像的研究发现,2023 年和 2024 年因火灾损失的森林树冠(forest canopy)面积是过去近二十年年均损失面积的至少两倍。

Silicon Valley Engineer Pleads Guilty to Stealing Missile Detection Data for China

Cyber Security News
6 months 3 weeks ago

A dual U.S.-China citizen and former Silicon Valley engineer has pleaded guilty to stealing critical military technology secrets designed to protect American national security interests.  Chenguang Gong, 59, of San Jose, admitted to transferring over 3,600 classified files containing advanced missile detection and defense technologies to personal storage devices, with intentions to benefit the Chinese […]

The post Silicon Valley Engineer Pleads Guilty to Stealing Missile Detection Data for China appeared first on Cyber Security News.

Guru Baran

Operation CargoTalon Targets Russian Aerospace & Defense to Deploy EAGLET Implant

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
6 months 3 weeks ago

SEQRITE Labs’ APT-Team has uncovered a sophisticated spear-phishing campaign dubbed Operation CargoTalon, targeting employees at Russia’s Voronezh Aircraft Production Association (VASO), a key aerospace entity. The operation leverages malicious attachments disguised as товарно-транспортная накладная (TTN) logistics documents, critical for Russian supply chains. Discovered on June 27 via VirusTotal hunting, the campaign employs a malicious EML […]

The post Operation CargoTalon Targets Russian Aerospace & Defense to Deploy EAGLET Implant appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad