CVE-2025-2480 - Santesoft Sante DICOM Viewer Pro Out-of-Bounds Write Arbitrary Code Execution

Source

CVE-2025-2549 - D-Link DIR-618 and DIR-605L Local File Access Control Vulnerability

Source

CVE-2025-2550 - D-Link DDNS Service Local Network Access Control Vulnerability

Source

CVE-2025-29121 - Tenda AC6 Stack-Based Buffer Overflow

Source

CVE-2025-29149 - Tenda i12 Buffer Overflow

Source

CVE-2024-57440 - D-Link DSL-3788 Buffer Overflow

Source

CVE-2024-7598 - Kubernetes Namespace Deletion Network Policy Bypass

Source

Infostealers Fuel 21B Credentials and 23M Host Infections

Cybercrime surged with a 33% spike in credential theft and 200 million credentials stolen in early 2025, signaling a daunting threat landscape for organizations. The post Infostealers Fuel 2.1B Credentials and 23M Host Infections appeared first on eSecurity Planet.

Cybercrime surged with a 33% spike in credential theft and 200 million credentials stolen in early 2025, signaling a daunting threat landscape for organizations.

USN-7362-1 go-gh vulnerability

It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wrong host. (CVE-2024-53859)

It was discovered that go-gh incorrectly handled authentication tokens. An attacker could possibly use this issue to leak authentication tokens to the wrong host. (CVE-2024-53859)

Source

Fort Knox for Your Data How Elasticsearch X-Pack Locks Down Your Cluster Part 2

In Part 1 of Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster, we uncovered the dangers of running Elasticsearch with X-Pack disabled and thus, highlighting the ease with which attackers can exploit unauthenticated endpoints.

In Part 1 of Fort Knox for Your Data: How Elasticsearch X-Pack Locks Down Your Cluster, we uncovered the dangers of running Elasticsearch with X-Pack disabled and thus, highlighting the ease with which attackers can exploit unauthenticated endpoints.