Aggregator

Submit #492777 / VDB-295059

A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. Affected by this issue is some unknown functionality of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. This vulnerability is handled as CVE-2025-1154. The attack may be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-1153. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. This vulnerability is traded as CVE-2025-1152. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2025-1151. The attack may be initiated remotely. Furthermore, there is an exploit available. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. This vulnerability was named CVE-2025-1150. The attack can be initiated remotely. Furthermore, there is an exploit available. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2025-1149. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. This vulnerability is handled as CVE-2025-1148. The attack may be launched remotely. Furthermore, there is an exploit available. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. This vulnerability is known as CVE-2025-1147. The attack can be launched remotely. Furthermore, there is an exploit available.

A recently disclosed vulnerability in AnyDesk, a popular remote desktop software, identified as CVE-2024-12754, enables local attackers to exploit the handling of Windows background images to gain unauthorized access to sensitive system files.  This could potentially escalate their privileges to administrative levels, posing a significant threat to system security. The vulnerability has been categorized under […]

The post PoC Exploit Released for AnyDesk Vulnerability Exploited to Gain Admin Access Via Wallpapers appeared first on Cyber Security News.

Submit #492531 / VDB-295058

Submit #489991 / VDB-295057

Submit #485747 / VDB-295052

Submit #485254 / VDB-295051

Федеральные кредиты стали окном в частную жизнь миллионов.

作者：Xiangmin Shen，Lingzhi Wang，Zhenyuan Li，Yan Chen，Wencheng Zhao 等. 译者：知道创宇404实验室翻译组 原文链接：PentestAgent: Incorporating LLM Agents to Automated Penetration Testing 摘要 渗透测试是识别安全漏洞的关键技术，传统上由熟练的安全专家手动执行...

Linus Torvalds, lead developer of the Linux kernel, announced the second release candidate (rc2) of Linux Kernel 6.14, providing developers and enthusiasts with a glimpse at the latest updates and fixes in the kernel’s development cycle. The announcement was made on the Linux Kernel Mailing List (LKML) on Sunday, February 9, 2025. This release follows […]

The post Linux Kernel 6.14-rc2 Released – What’s Newly Added ! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Serious vulnerabilities in Zimbra Collaboration Suite (ZCS), a popular enterprise email and collaboration platform, have raised alarm in the cybersecurity community. Security researchers have identified several critical flaws that allow attackers to access sensitive data and compromise user accounts. With millions of businesses relying on Zimbra for email services, these vulnerabilities pose significant risks. Key […]

The post Critical Zimbra Flaws Allow Attackers to Gain Unauthorized Access to Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, was found in Apache Felix Webconsole up to 4.9.8/5.0.8. Affected is an unknown function of the component Services Console. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-25247. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.