==========================
== Gharib Personal Blog ==
==========================
A Techi Personal Blog

CVE-2023-43029 - IBM Storage Virtualize vSphere Remote Plug-in Information Disclosure

CVE ID : CVE-2023-43029
Published : March 21, 2025, 4:15 p.m. | 12 hours, 31 minutes ago
Description : IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment.
Severity: 0.0 | NA

CVE-2024-53348 - LoxiLB Router Unauthenticated Information Disclosure and Privilege Escalation Vulnerability

CVE ID : CVE-2024-53348
Published : March 21, 2025, 4:15 p.m. | 12 hours, 31 minutes ago
Description : LoxiLB v.0.9.7 and before is vulnerable to Incorrect Access Control which allows attackers to obtain sensitive information and escalate privileges.
Severity: 0.0 | NA

Hackaday Podcast Episode 313: Capacitor Plague, Wireless Power, and Tiny Everything

We’re firmly in Europe this week on the Hackaday podcast, as Elliot Williams and Jenny List are freshly returned from Berlin and Hackaday Europe. A few days of mingling with …

Hacktivists claim cyber-sabotage of 116 Iranian ships

Risky Biz Newsletter reports: An anti-regime hacktivist group has claimed credit over a cyberattack that crippled the on-ship communication systems of 116 Iranian ships. The ships are operated by the National Iranian Tanker Company (50) and the Islamic Republic of Iran Shipping Company (66). […] A group named LabDookhtegan took credit for the sabotage. The attack allegedly…

CVE-2025-29927 - Next.js Authorization Bypass in Middleware

CVE ID : CVE-2025-29927
Published : March 21, 2025, 3:15 p.m. | 23 hours, 3 minutes ago
Description : Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.
Severity: 9.1 | CRITICAL

Issue with the AWS CDK CLI and custom credential plugins CVE-2025-2598

Publication Date: 2025/03/21 07:00 AM PDT
Description: AWS identified CVE-2025-2598, an issue in the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI), versions 2.172.0 through 2.178.1. The AWS CDK CLI is a command line tool that deploys AWS CDK applications onto AWS accounts. When customers run AWS CDK


This Week in Security: The Github Supply Chain Attack, Ransomware Decryption, and Paragon

Last Friday Github saw a supply chain attack hidden in a popular Github Action. To understand this, we have to quickly cover Continuous Integration (CI) and Github Actions. CI essentially …

Modernize Your Industrial Infrastructure for Cybersecurity and AI Readiness with Cisco Validated Designs

Cisco Validated Designs give you proven industrial networking and security architectural blueprints to build an AI-ready modern infrastructure.

CVE-2025-2590 - Code-projects Human Resource Management System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-2590
Published : March 21, 2025, 1:15 p.m. | 43 minutes ago
Description : A vulnerability was found in code-projects Human Resource Management System 1.0.1. It has been classified as problematic. Affected is the function UpdateRecruitmentById of the file \handler\recruitment.go. The manipulation of the argument c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW

CVE-2025-2589 - Code-projects Human Resource Management System Unauthorized Access Vulnerability

CVE ID : CVE-2025-2589
Published : March 21, 2025, 1:15 p.m. | 43 minutes ago
Description : A vulnerability was found in code-projects Human Resource Management System 1.0.1 and classified as critical. This issue affects the function Index of the file \handler\Account.go. The manipulation of the argument user_cookie leads to improper authorization. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM