Security

CVE ID : CVE-2025-9176

Published : Aug. 20, 2025, 12:15 a.m. | 1 hour, 28 minutes ago

Description : A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9193

Published : Aug. 20, 2025, 12:15 a.m. | 1 hour, 28 minutes ago

Description : A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has been published and may be used. Upgrading to version 12.1.2410.274, 12.1.2502.178 and 12.1.2506.121 is recommended to address this issue. It is recommended to upgrade the affected component. The vendor explains, that “[o]ur internal validation (…) confirms that the reported behavior does not exist in currently supported releases. In these tests, the redirectUrl parameter is ignored, and no malicious redirection occurs.” This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 5.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-12223

Published : Aug. 20, 2025, 1:15 a.m. | 28 minutes ago

Description : Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9132

Published : Aug. 20, 2025, 1:15 a.m. | 28 minutes ago

Description : Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Workday, a California-based human resource and financial management service provider, disclosed last week that it was recently targeted in a…

Calling out the cybersecurity community to mark their calendars! The Cyber Express is all set to release, this week, its…

In a forward-looking proposal introduced last week, the Australian Competition and Consumer Commission (ACCC) has invited public submissions on a…

Organizations handling various forms of sensitive data or personally identifiable information (PII) require adherence to regulatory compliance standards and frameworks.…

Cybersecurity researchers have discovered a malicious package in the Python Package Index (PyPI) repository that introduces malicious behavior through a…

Colt Technology Services, a major UK-based telecommunications provider, continues to experience service disruptions following a serious cyberattack that began on…

Power doesn’t just disappear in one big breach. It slips away in the small stuff—a patch that’s missed, a setting…

Toronto-based Bragg Gaming Group, a provider of content and technology solutions for the online gaming sector, announced that it was…

Cybersecurity researchers have lifted the lid on the threat actors’ exploitation of a now-patched security flaw in Microsoft Windows to…

The threat actors behind the Noodlophile malware are leveraging spear-phishing emails and updated delivery mechanisms to deploy the information stealer…

A new HTTP/2 denial of service (DoS) vulnerability that circumvents mitigations put in place after 2023’s “Rapid Reset” vulnerability is…

CVE ID : CVE-2025-6625

Published : Aug. 18, 2025, 7:15 a.m. | 18 hours, 47 minutes ago

Description : CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific
crafted FTP command is sent to the device.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-36120

Published : Aug. 18, 2025, 2:15 p.m. | 11 hours, 47 minutes ago

Description : IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-54117

Published : Aug. 18, 2025, 4:15 p.m. | 9 hours, 47 minutes ago

Description : NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed in 2.2.4.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55201

Published : Aug. 18, 2025, 5:15 p.m. | 8 hours, 47 minutes ago

Description : Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t. filesystem access useless. This vulnerability is fixed in 9.9.1.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55282

Published : Aug. 18, 2025, 5:15 p.m. | 8 hours, 47 minutes ago

Description : aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path restriction, an attacker can override pg_catalog and execute untrusted operators as a superuser. This vulnerability is fixed in 1.0.7.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…