Aggregator

CVE-2025-2338 | tbeu matio 1.5.28 src/io.c strdup_vprintf heap-based overflow (Issue 269 / EUVD-2025-6663)

3 months 2 weeks ago

A vulnerability was found in tbeu matio 1.5.28. It has been classified as critical. The impacted element is the function strdup_vprintf of the file src/io.c. The manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2025-2338. The attack can be initiated remotely. Additionally, an exploit exists.

vuldb.com

CVE-2024-54175 | IBM MQ 9.3/9.4 unusual condition (EUVD-2024-53977 / Nessus ID 232690)

Vuldb Updates

3 months 2 weeks ago

A vulnerability was found in IBM MQ 9.3/9.4. It has been rated as problematic. The impacted element is an unknown function. This manipulation causes improper check for unusual conditions. This vulnerability is tracked as CVE-2024-54175. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is advised.

vuldb.com

CVE-2024-8058 | Lenovo FileZ Client prior 9.8.6.0 improper validation of specified type of input (EUVD-2024-49613)

Vuldb Updates

3 months 2 weeks ago

A vulnerability was found in Lenovo FileZ Client. It has been declared as critical. This affects an unknown part. Such manipulation leads to improper validation of specified type of input. This vulnerability is documented as CVE-2024-8058. The attack can be executed remotely. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-31914 | IBM Sterling B2B Integrator Standard Edition up to 6.1.2.5/6.2.0.2 Web UI cross site scripting

Vuldb Updates

3 months 2 weeks ago

A vulnerability classified as problematic has been found in IBM Sterling B2B Integrator Standard Edition up to 6.1.2.5/6.2.0.2. The impacted element is an unknown function of the component Web UI. This manipulation causes cross site scripting. This vulnerability is registered as CVE-2024-31914. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-56056 | kmfoysal06 SimpleCharm Plugin up to 1.4.3 on WordPress cross site scripting (EUVD-2024-52954)

Vuldb Updates

3 months 2 weeks ago

A vulnerability was found in kmfoysal06 SimpleCharm Plugin up to 1.4.3 on WordPress and classified as problematic. The affected element is an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2024-56056. It is possible to launch the attack remotely. No exploit is available.

vuldb.com

U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits

The Hackers News

3 months 2 weeks ago

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced a fresh round of sanctions against two individuals and two entities for their role in the North Korean remote information technology (IT) worker scheme to generate illicit revenue for the regime's weapons of mass destruction and ballistic missile programs. "The North Korean regime continues to target American

The Hacker News

U.S. Treasury Sanctions DPRK IT-Worker Scheme, Exposing $600K Crypto Transfers and $1M+ Profits

不安全

3 months 2 weeks ago

美国财政部宣布对两名个人和两家实体实施制裁,因其参与朝鲜远程IT工人计划,通过数据盗窃和勒索为朝鲜的武器项目筹集资金。制裁对象包括俄罗斯籍的Andreyev、朝鲜官员Kim Ung Sun,以及中国公司Shenyang Geumpungri和Sinjin Trading Corporation。该计划利用AI伪造专业背景,将朝鲜IT人员嵌入合法企业,窃取敏感数据并进行勒索。