Aggregator

A vulnerability marked as critical has been reported in SAIL Image Decoding Library 0.9.8. This impacts an unknown function of the component BMPv3 Image Decoder. Performing manipulation results in integer overflow to buffer overflow. This vulnerability is reported as CVE-2025-32468. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as critical has been found in PHPOffice PhpSpreadsheet up to 1.29.x/2.1.11/2.3.x/3.9.x/4.x. This affects the function setPath of the component HTML Document Handler. Such manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2025-54370. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

通过构造恶意稀疏型HLL与正常密集型HLL执行合并操作，触发Redis在HLL合并过程中导致的整数上溢漏洞，**造成受限地址写**（覆盖`int`负数范围的`3/4`）。 预先构造包含三个`0x3800`字节sds对象（`sdsa/sdsb/sdsc`）及合并后密集型HLL数据的堆布局，利用受限地址写修改sdsb头部类型标识符（`SDSHDR16`的`0x02`改为`SDSHDR64`的`0x04

Submit #634316 / VDB-317779

A vulnerability identified as problematic has been detected in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. This vulnerability is registered as CVE-2025-9461. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

As students return to campus and online learning platforms, cybercriminals are increasingly leveraging artificial intelligence to create sophisticated scams targeting the education sector. These AI-enhanced attacks have become more convincing and harder to detect, making them particularly dangerous for students, parents, and educational institutions. The integration of machine learning algorithms, natural language processing, and deepfake […]

The post 5 Common Back-to-School Online Scams Powered Using AI and How to Avoid Them appeared first on Cyber Security News.

A vulnerability categorized as problematic has been discovered in Mahara up to 23.04.6/24.04.1. The affected element is an unknown function of the component Footer Links Handler. The manipulation of the argument About/Contact/Help results in cross site scripting. This vulnerability is cataloged as CVE-2024-39923. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Biosig libbiosig 3.9.0. It has been rated as problematic. Impacted is an unknown function of the component Nex Parser. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-52461. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Biosig libbiosig 3.9.0. It has been declared as critical. This issue affects some unknown processing of the file biosig.c of the component MFER Parser. Executing manipulation can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2025-54480. The attack can be launched remotely. No exploit exists.

De Johan Willem Frisokazerne in Assen moet een belangrijke plek worden voor zowel de krijgsmacht als de regio. De kazerne wordt compacter en efficiënter ingericht. Daardoor komt er ruimte vrij voor onder meer onderwijs, innovatie en rijksdiensten. De kazerne opent dus letterlijk en figuurlijk haar poorten. De nieuwe afspraken zijn vandaag op het kazerneterrein met handtekeningen bekrachtigd. 

A vulnerability was found in Biosig libbiosig 3.9.0. It has been classified as critical. This vulnerability affects unknown code of the component Nex Parser. Performing manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2025-54462. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Biosig libbiosig 3.9.0 and classified as critical. This affects an unknown part of the component ISHNE Parser. Such manipulation leads to heap-based buffer overflow. This vulnerability is referenced as CVE-2025-53853. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in Biosig libbiosig 3.9.0 and classified as critical. Affected by this issue is some unknown functionality of the component MFER Parser. This manipulation causes heap-based buffer overflow. The identification of this vulnerability is CVE-2025-53557. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Biosig libbiosig 3.9.0. Affected by this vulnerability is an unknown functionality of the component MFER Parser. The manipulation results in heap-based buffer overflow. This vulnerability was named CVE-2025-53511. The attack may be performed from a remote location. There is no available exploit.

A vulnerability, which was classified as critical, has been found in Biosig libbiosig 3.9.0. Affected is an unknown function of the component GDF Parser. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2025-52581. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical was found in Biosig libbiosig 3.9.0. This impacts an unknown function of the component ABF Parser. Executing manipulation can lead to integer overflow. This vulnerability is handled as CVE-2025-53518. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in Biosig libbiosig 3.9.0. This affects an unknown function of the component RHS2000 Parser. Performing manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2025-48005. Remote exploitation of the attack is possible. No exploit is available.

A novel adaptation of the ClickFix social engineering technique has been identified, leveraging invisible prompt injection to weaponize AI summarization systems in email clients, browser extensions, and productivity platforms.  By embedding malicious step-by-step instructions within hidden HTML elements—using CSS obfuscation methods such as zero-width characters, white-on-white text, tiny font sizes, and off-screen positioning—attackers can poison […]

The post Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware appeared first on Cyber Security News.

Submit #634295 / VDB-321296

A vulnerability was found in TOTVS Portal Meu RH up to 12.1.17. It has been declared as problematic. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2025-9193. The attack may be performed from a remote location. In addition, an exploit is available. It is recommended to upgrade the affected component. The vendor explains, that "[o]ur internal validation (...) confirms that the reported behavior does not exist in currently supported releases. In these tests, the redirectUrl parameter is ignored, and no malicious redirection occurs."