Aggregator

CVE-2024-6006 | ZKTeco ZKBio CVSecurity V5000 4.1.0 Summer Schedule Schedule Name cross site scripting (EUVD-2024-47170)

Vuldb Updates
7 months ago
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2024-6006. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor explains, "that ZKBio Security V5000 has been withdrawn from the market and [is] recommended for upgrading to the ZKBio CVSecurity latest version."
vuldb.com

CVE-2024-6005 | ZKTeco ZKBio CVSecurity V5000 4.1.0 Department Section Department Name cross site scripting (EUVD-2024-47169)

Vuldb Updates
7 months ago
A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2024-6005. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor explains, "that ZKBio Security V5000 has been withdrawn from the market and [is] recommended for upgrading to the ZKBio CVSecurity latest version."
vuldb.com

Researchers Reveal How Hacktivist Groups Gain Attention and Choose Their Targets

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
7 months ago

Cybersecurity researchers at Graphika have unveiled comprehensive findings on the operational dynamics of hacktivist organizations, revealing sophisticated attention-seeking behaviors and strategic target selection methodologies. Through their ATLAS intelligence reporting platform, analysts have systematically monitored approximately 700 active and inactive hacktivist entities since 2022, encompassing state-sponsored personas, geopolitically aligned collectives supporting Russia and Ukraine, and regionally-focused […]

The post Researchers Reveal How Hacktivist Groups Gain Attention and Choose Their Targets appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

INC

Dark Feed IO
7 months ago

You must login to view this content

cohenido

INC

Dark Feed IO
7 months ago

You must login to view this content

cohenido

INC

Dark Feed IO
7 months ago

You must login to view this content

cohenido

INC

Dark Feed IO
7 months ago

You must login to view this content

cohenido

CVE-2025-41237 | VMware Cloud Foundation Virtual Machine Communication Interface out-of-bounds write (Nessus ID 242168 / WID-SEC-2025-1576)

Vuldb Updates
7 months ago
A vulnerability was found in VMware Cloud Foundation, vSphere Foundation, ESXi, Workstation, Fusion, Telco Cloud Platform and Telco Cloud Infrastructure. It has been classified as critical. This affects an unknown part of the component Virtual Machine Communication Interface. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-41237. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-41239 | VMware ESXi vSockets uninitialized resource (Nessus ID 242168 / WID-SEC-2025-1576)

Vuldb Updates
7 months ago
A vulnerability was found in VMware ESXi, Cloud Foundation, Workstation, Fusion, Telco Cloud Platform, Telco Cloud Infrastructure and Tools. It has been rated as problematic. This issue affects some unknown processing of the component vSockets. The manipulation leads to uninitialized resource. The identification of this vulnerability is CVE-2025-41239. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-41236 | VMware ESXi VMXNET3 Virtual Network Adapter out-of-bounds write (Nessus ID 242168 / WID-SEC-2025-1576)

Vuldb Updates
7 months ago
A vulnerability classified as critical has been found in VMware ESXi, Cloud Foundation, Workstation, Fusion, Telco Cloud Platform and Telco Cloud Infrastructure. Affected is an unknown function of the component VMXNET3 Virtual Network Adapter. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-41236. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-56337 | Apache Tomcat up to 9.0.97/10.1.33/11.0.1 Incomplete Fix CVE-2024-50379 toctou (Nessus ID 213078 / WID-SEC-2024-3744)

Vuldb Updates
7 months ago
A vulnerability, which was classified as critical, was found in Apache Tomcat up to 9.0.97/10.1.33/11.0.1. This affects an unknown part of the component Incomplete Fix CVE-2024-50379. The manipulation leads to time-of-check time-of-use. This vulnerability is uniquely identified as CVE-2024-56337. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-50379 | Apache Tomcat up to 9.0.97/10.1.33/11.0.1 JSP Compilation toctou (Nessus ID 213078 / WID-SEC-2024-3722)

Vuldb Updates
7 months ago
A vulnerability has been found in Apache Tomcat up to 9.0.97/10.1.33/11.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component JSP Compilation. The manipulation leads to time-of-check time-of-use. This vulnerability is known as CVE-2024-50379. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CISA Releases Three Industrial Control Systems Advisories

CISA News
7 months ago

CISA released three Industrial Control Systems (ICS) advisories on July 17, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.

CISA

UNG0002 Actors Weaponize LNK Files via ClickFix Fake CAPTCHA Pages

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
7 months ago

Cybersecurity researchers at Seqrite Labs have identified a sophisticated espionage group designated as UNG0002 (Unknown Group 0002) that has been conducting persistent campaigns across multiple Asian jurisdictions since May 2024. The threat actors have demonstrated remarkable adaptability by integrating social engineering techniques with advanced malware deployment methods, specifically targeting organizations in China, Hong Kong, and […]

The post UNG0002 Actors Weaponize LNK Files via ClickFix Fake CAPTCHA Pages appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad