CVE-2025-48784 |
Description: A missing authorization vulnerability in Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to modify system settings without prior authorization.
CVSS: HIGH (8.8) EPSS Score: 0.19%
June 6th, 2025 (about 1 month ago)
|
CVE-2025-48783 |
Description: An external control of file name or path vulnerability in the delete file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to delete partial files by specifying arbitrary file paths.
CVSS: HIGH (8.8) EPSS Score: 0.19%
June 6th, 2025 (about 1 month ago)
|
CVE-2025-48782 |
Description: An unrestricted upload of file with dangerous type vulnerability in the upload file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a malicious file.
CVSS: CRITICAL (9.9) EPSS Score: 0.19%
June 6th, 2025 (about 1 month ago)
|
CVE-2025-48781 |
Description: An external control of file name or path vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to obtain partial files by specifying arbitrary file paths.
CVSS: HIGH (8.7) EPSS Score: 0.19%
June 6th, 2025 (about 1 month ago)
|
CVE-2025-48780 |
Description: A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.
CVSS: CRITICAL (9.9) EPSS Score: 0.22%
June 6th, 2025 (about 1 month ago)
|
Description: Blitz malware, active since 2024 and updated in 2025, was spread via game cheats. We discuss its infection vector and abuse of Hugging Face for C2.
The post Blitz Malware: A Tale of Game Cheats and Code Repositories appeared first on Unit 42.
June 6th, 2025 (about 1 month ago)
|
CVE-2025-5739 |
Description: A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (8.8) EPSS Score: 0.14%
June 6th, 2025 (about 1 month ago)
|
CVE-2025-5738 |
Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (8.8) EPSS Score: 0.14%
June 6th, 2025 (about 1 month ago)
|
CVE-2025-5737 |
Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (8.7) EPSS Score: 0.14%
June 6th, 2025 (about 1 month ago)
|
CVE-2025-3365 |
Description: Missing protection against path traversal allows access to any file on the server.
CVSS: CRITICAL (9.8) EPSS Score: 0.06%
June 6th, 2025 (about 1 month ago)
|