Aggregator

A vulnerability, which was classified as problematic, was found in miraheze DiscordNotifications on MediaWiki. Affected is the function file_get_contents of the component HTTP POST Request Handler. The manipulation of the argument wgDiscordIncomingWebhookUrl leads to resource consumption. This vulnerability is traded as CVE-2025-53371. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in wftpserver Wing FTP Server up to 7.4.3. This issue affects some unknown processing of the file loginok.html of the component Cookie Handler. The manipulation of the argument UID leads to information exposure through error message. The identification of this vulnerability is CVE-2025-47813. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in wftpserver Wing FTP Server up to 7.4.3. This vulnerability affects unknown code of the file downloadpass.html of the component Parameter Handler. The manipulation of the argument url leads to external control of system or configuration setting. This vulnerability was named CVE-2025-27889. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in wftpserver Wing FTP Server up to 7.4.4. This affects an unknown part of the component Administrative Web Interface. The manipulation leads to privilege defined with unsafe actions. This vulnerability is uniquely identified as CVE-2025-47811. It is possible to initiate the attack remotely. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability was found in wftpserver Wing FTP Server up to 7.4.3. It has been rated as very critical. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of null byte or nul character. This vulnerability is handled as CVE-2025-47812. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache HTTP Server up to 2.4.63 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component mod_rewrite. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-43394. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache HTTP Server up to 2.4.63. It has been classified as critical. Affected is an unknown function of the component mod_ssl. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-23048. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache HTTP Server up to 2.4.63 and classified as problematic. This issue affects some unknown processing of the component mod_ssl. The manipulation leads to improper neutralization of escape, meta, or control sequences. The identification of this vulnerability is CVE-2024-47252. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apache HTTP Server up to 2.4.63 and classified as critical. This vulnerability affects unknown code of the component mod_proxy. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2024-43204. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apache HTTP Server up to 2.4.63. This affects an unknown part. The manipulation leads to http response splitting. This vulnerability is uniquely identified as CVE-2024-42516. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apache HTTP Server up to 2.4.63. Affected by this issue is some unknown functionality. The manipulation leads to memory leak. This vulnerability is handled as CVE-2025-53020. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apache HTTP Server up to 2.4.63. Affected by this vulnerability is an unknown functionality of the component mod_ssl. The manipulation leads to improper authentication. This vulnerability is known as CVE-2025-49812. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Apache HTTP Server up to 2.4.63. Affected is an unknown function of the component mod_proxy_http2. The manipulation leads to reachable assertion. This vulnerability is traded as CVE-2025-49630. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Identity-driven assaults have increased by a shocking 156% between 2023 and 2025, making up 59% of all confirmed threat instances in Q1 2025, according to data conducted by eSentire’s Threat Response Unit (TRU). This dramatic shift from traditional asset-focused exploits to sophisticated identity-centric campaigns underscores a fundamental change in adversarial tactics. Identity-Based Threats Cybercriminals are […]

The post Cyberattacks on User Logins Jump 156%, Fueled by Infostealers and Phishing Toolkits appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.

Метаповерхности заговорили. И теперь войны уже не будут прежними.

Microsoft Exchange Online experienced a major global outage on July 10, 2025, preventing millions of users from accessing their mailboxes across multiple platforms. The incident, designated as EX1112414, began at 10:20 PM UTC on July 9 and continued affecting users worldwide for more than 11 hours. The outage has affected users across multiple regions, including […]

The post Microsoft Exchange Online Service Down – Millions of Users Unable to Access Their Mailbox appeared first on Cyber Security News.

A vulnerability was found in Apple watchOS up to 7.4.1. It has been classified as critical. Affected is an unknown function of the component WebKit. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2021-30749. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple tvOS up to 14.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WebKit. The manipulation leads to memory corruption. This vulnerability is known as CVE-2021-30749. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.