CVE-2025-13120: Critical Use-After-Free Vulnerability Discovered in mruby Array Sorting

Overview: A significant security vulnerability, identified as CVE-2025-13120, has been discovered in mruby, affecting versions up to and including 3.4.0. This vulnerability is a use-after-free issue located within the sort_cmp function of the src/array.c file. Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code or cause a denial-of-service condition. Technical …

Urgent: High-Severity Privilege Escalation Vulnerability Discovered in Zoom Workplace for Android (CVE-2025-64741)

Overview: A critical security vulnerability, identified as CVE-2025-64741, has been discovered in Zoom Workplace for Android. This vulnerability allows an unauthenticated attacker with network access to escalate their privileges, potentially gaining unauthorized control within the application. The vulnerability affects versions prior to 6.5.10. Technical Details: CVE-2025-64741 stems from improper authorization handling within the Zoom Workplace …

CVE-2025-64739: Unveiling the Information Disclosure Vulnerability in Zoom Clients

Overview: CVE-2025-64739 is a medium severity vulnerability affecting certain Zoom Clients. This vulnerability allows an unauthenticated attacker with network access to potentially disclose sensitive information by manipulating file names or paths. The vulnerability stems from improper handling of external input related to file operations within the affected Zoom Clients. Technical Details: The root cause of …

CVE-2025-64738: Zoom Workplace for macOS – Local Information Disclosure Vulnerability

Overview: CVE-2025-64738 is a medium severity vulnerability affecting Zoom Workplace for macOS versions prior to 6.5.10. This vulnerability stems from insufficient validation of file names or paths, potentially allowing an authenticated local user to exploit the system and gain access to sensitive information. This is achieved through external control of the file name or path, …

CVE-2025-62483: Zoom Information Disclosure Vulnerability – Update Now!

Overview: CVE-2025-62483 is a medium severity vulnerability affecting certain Zoom Clients before version 6.5.10. This vulnerability stems from the improper removal of sensitive information, potentially allowing an unauthenticated attacker with network access to disclose sensitive data. It’s crucial to understand the impact and take necessary steps to mitigate this risk. Technical Details: The vulnerability lies …

CVE-2025-62482: Unauthenticated XSS Threat in Zoom Workplace for Windows – Upgrade Now!

Overview: CVE-2025-62482 is a medium-severity cross-site scripting (XSS) vulnerability affecting Zoom Workplace for Windows versions before 6.5.10. This flaw could allow an unauthenticated attacker with network access to inject malicious scripts, potentially impacting the integrity of the application and user data. Technical Details: The vulnerability stems from insufficient input sanitization within Zoom Workplace for Windows. …

Zoom Client Vulnerability Spotlight: CVE-2025-30669 – Are Your Meetings Secure?

Overview: CVE-2025-30669 is a security vulnerability affecting certain Zoom Clients. Discovered and published on November 13, 2025, this flaw stems from improper certificate validation, potentially allowing an unauthenticated attacker with adjacent network access to conduct information disclosure. The severity is rated as MEDIUM, with a CVSS score of 4.8. Technical Details: The vulnerability lies in …

Zoom VDI Plugin macOS Installer Vulnerability (CVE-2025-30662): A Security Deep Dive

Overview: CVE-2025-30662 describes a medium severity vulnerability affecting the Zoom Workplace VDI Plugin macOS Universal installer. Specifically, a symlink following vulnerability exists in versions prior to 6.3.14, 6.4.14, and 6.5.10 of their respective tracks. This vulnerability could allow an authenticated local user to potentially conduct information disclosure via network access. Technical Details: The vulnerability stems …

CVE-2025-13119: Critical CSRF Vulnerability Exposes Simple E-Banking System

Overview: CVE-2025-13119 describes a Cross-Site Request Forgery (CSRF) vulnerability found in Fabian Ros/SourceCodester Simple E-Banking System version 1.0. This flaw allows a remote attacker to potentially execute unauthorized actions on behalf of legitimate users, such as initiating forced withdrawals, if they can trick a user into clicking a malicious link or visiting a compromised website. …

CVE-2025-41069: DeporSite IDOR Vulnerability Exposes User Data

Overview: CVE-2025-41069 is a security vulnerability identified in DeporSite, a product by T-INNOVA. This vulnerability is classified as an Insecure Direct Object Reference (IDOR). IDOR vulnerabilities occur when an application allows direct access to internal implementation objects based on user-supplied input. This can lead to unauthorized data access or modification. Technical Details: The vulnerability exists …