Aggregator

CVE-2023-48698 | azure-rtos usbx up to 6.2.1 unusual condition (GHSA-grhp-f66q-x857)

Vuldb Updates
3 days 20 hours ago
A vulnerability classified as problematic was found in azure-rtos usbx up to 6.2.1. Affected is an unknown function. Such manipulation leads to improper check for unusual conditions. This vulnerability is documented as CVE-2023-48698. The attack can be executed directly on the physical device. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-11938 | ChurchCRM up to 5.18.0 setup/routes/setup.php DB_PASSWORD/ROOT_PATH/URL deserialization (EUVD-2025-35002 / CNNVD-202510-2557)

Vuldb Updates
3 days 20 hours ago
A vulnerability classified as critical has been found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing manipulation of the argument DB_PASSWORD/ROOT_PATH/URL results in deserialization. This vulnerability was named CVE-2025-11938. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-37947 | Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5 ksmbd_vfs_stream_write out-of-bounds (Nessus ID 237223 / WID-SEC-2025-1114)

Vuldb Updates
3 days 20 hours ago
A vulnerability was found in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5. It has been classified as problematic. This vulnerability affects the function ksmbd_vfs_stream_write. Performing manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2025-37947. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2022-47986 | IBM Aspera Faspex 4.4.1 YAML deserialization (EDB-51316 / XFDB-243512)

Vuldb Updates
3 days 20 hours ago
A vulnerability labeled as very critical has been found in IBM Aspera Faspex 4.4.1. Affected by this vulnerability is an unknown functionality of the component YAML Handler. The manipulation results in deserialization. This vulnerability is cataloged as CVE-2022-47986. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.
vuldb.com

OpenAI Atlas Browser Vulnerability Allows Malicious Code Injection into ChatGPT

Cyber Security News
3 days 20 hours ago

A critical vulnerability in OpenAI’s newly launched ChatGPT Atlas browser enables attackers to inject malicious instructions into ChatGPT’s memory and execute remote code on user systems. This flaw, uncovered by LayerX, exploits Cross-Site Request Forgery (CSRF) to hijack authenticated sessions, potentially infecting devices with malware or granting unauthorized access. The discovery highlights escalating risks in […]

The post OpenAI Atlas Browser Vulnerability Allows Malicious Code Injection into ChatGPT appeared first on Cyber Security News.

Guru Baran

New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands

The Hackers News
3 days 20 hours ago
Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code. "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX
The Hacker News

CVE-2025-12347 | MaxSite CMS up to 109 save-file-ajax.php file_path/content unrestricted upload (EUVD-2025-36424)

VulDB Recent Entries
3 days 20 hours ago
A vulnerability, which was classified as critical, was found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. This vulnerability is handled as CVE-2025-12347. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-12346 | MaxSite CMS up to 109 HTTP Header uploads-require-maxsite.php X-Requested-FileName/X-Requested-FileUpDir unrestricted upload (EUVD-2025-36425)

VulDB Recent Entries
3 days 20 hours ago
A vulnerability, which was classified as critical, has been found in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDir results in unrestricted upload. This vulnerability is known as CVE-2025-12346. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

新冠 mRNA 疫苗能触发免疫系统识别和杀死癌细胞

Solidot
3 days 20 hours ago
根据发表在《自然》期刊上的一项研究,在新冠疫情期间拯救数百万人生命的 mRNA 疫苗可能激活免疫系统识别和杀死癌细胞。研究人员调查了逾千名接受免疫疗法 immune checkpoint inhibitors 的晚期黑色素瘤和肺癌患者,该疗法通过阻断肿瘤细胞制造的用于关闭免疫细胞的蛋白质,让免疫系统能继续杀死癌细胞。研究发现,接受免疫治疗 100 天内接种辉瑞或 Moderna mRNA 新冠疫苗的患者,三年后存活的可能性是未接种任何一种疫苗的患者的两倍多。通常对免疫疗法反应不佳的肿瘤患者也效果显著,三年总生存率提高了近五倍。研究人员进一步调查发现,新冠 mRNA 疫苗就像警钟,触发人体免疫系统识别和杀死癌细胞,遏制癌症关闭免疫细胞的能力。组合使用疫苗和 immune checkpoint inhibitors,它们能协同释放免疫系统的全部力量杀死癌细胞。

CVE-2025-50055 | OpenVPN Access Server up to 2.14.3 SAML Authentication RelayState cross site scripting

VulDB Recent Entries
3 days 20 hours ago
A vulnerability classified as problematic has been found in OpenVPN Access Server up to 2.14.3. Affected by this issue is some unknown functionality of the component SAML Authentication Module. This manipulation of the argument RelayState causes cross site scripting. This vulnerability appears as CVE-2025-50055. The attack may be initiated remotely. There is no available exploit.
vuldb.com

CVE-2025-11248 | Zoho ManageEngine ManageEngine Endpoint Central prior 11.4.2528.05 log file

VulDB Recent Entries
3 days 20 hours ago
A vulnerability described as problematic has been identified in Zoho ManageEngine ManageEngine Endpoint Central. Affected by this vulnerability is an unknown functionality. The manipulation results in sensitive information in log files. This vulnerability is reported as CVE-2025-11248. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

Managed ad