Aggregator

Submit #555930 / VDB-305736

Submit #555929 / VDB-305735

Submit #555928 / VDB-305734

A vulnerability was found in Microsoft Internet Explorer up to 11. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption. This vulnerability is known as CVE-2014-0274. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function ext4_isize. The manipulation leads to improper resource management. This vulnerability is known as CVE-2009-0747. The attack needs to be approached locally. There is no exploit available.

A vulnerability, which was classified as critical, has been found in PostgreSQL. Affected by this issue is some unknown functionality of the component LDAP Authentication. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2009-3231. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Microsoft Internet Explorer up to 11. Affected is an unknown function. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2014-0286. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Apple Safari 4.0/4.0.1/4.0.2/4.0.3/4.0.4 and classified as very critical. Affected by this issue is some unknown functionality. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2010-0045. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple tvOS. It has been declared as critical. This vulnerability affects unknown code of the component Media File Handler. The manipulation leads to memory corruption. This vulnerability was named CVE-2025-31200. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Zoom Desktop Client, VDI Client, Meeting SDK and Rooms Client on Windows. Affected by this issue is some unknown functionality of the component Zoom Meeting Handler. The manipulation leads to improper handling of unicode encoding. This vulnerability is handled as CVE-2024-24691. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Что на самом деле происходит в вашем мозге, когда вы пытаетесь на кого-то повлиять?

Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively exploit a vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025. The vulnerability is an OS Command […]

Почему эксперт по ИИ решил, что работать — больше не для людей?

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Software AG 的一项研究发现有多达五成员工使用未批准的 AI 工具。今天的 AI 工具非常容易获得，而企业也日益鼓励员工使用 AI 工具提高工作效率。无论是总结会议记录、起草客户邮件、探索代码还是创建内容，企业员工正在快速普及 AI。即使企业出于安全担忧内部限制员工使用 AI 工具，他们也可以通过浏览器访问 AI 工具的 Web 版本。分析显示最流行的 AI 工具是 ChatGPT，还有部分员工会使用中国公司开发的 AI 工具如 DeepSeek、Baidu Chat 和 Qwen。

A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment card data. [...]

Cybersecurity researchers have uncovered three malicious packages in the npm registry that masquerade as a popular Telegram bot library but harbor SSH backdoors and data exfiltration capabilities. The packages in question are listed below - node-telegram-utils (132 downloads) node-telegram-bots-api (82 downloads) node-telegram-util (73 downloads) According to supply chain

根据内外部测试，OpenAI 最新推理模型 o3 和 o4-mini 比该公司之前的模型出现幻觉的概率更高。在 OpenAI 的 PersonQA 测试中，o3 出现幻觉的概率高达 33%，两倍于旧模型 o1（16%）和 o3-mini（14.8%）。o4-mini 更糟糕出现幻觉的概率高达 48%。斯坦福大学兼职教授 Kian Katanforoosh 指出他的团队发现 o3 常生成无效网址。OpenAI 表示需要更多研究去理解为什么随着推理模型规模的扩大，幻觉现象会加剧。