Aggregator

A vulnerability has been found in HDF5 up to 1.14.3 and classified as critical. This vulnerability affects the function H5FL_arr_malloc. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2024-29158. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in HDF5 up to 1.13.3/1.14.2. It has been rated as critical. This issue affects the function H5HG_read. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2024-29162. The attack can only be initiated within the local network. There is no exploit available.

第一次参加，写得不怎么好，还请多多指教。

第一次参加，写得不怎么好，还请多多指教。

A vulnerability was found in Oracle Primavera Unifier up to 19.12. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2019-0227. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

从安全数据泛滥到代理优先安全

GAP This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters...

The post GAP-Burp-Extension: find more potential parameters and potential links appeared first on Penetration Testing Tools.

Submit #557396 / VDB-304598

Submit #557093 / VDB-304598

特斯拉 Cybertruck 被曝大幅缩减产能；谷歌首推 Gemini 2.5 Flash：成本暴降 600%；耐克与 Hyperice 合作推出 Hyperboot 运动鞋

HAWK What Hawk is and isn’t Hawk provides a Limited analysis of the gathered data. This is by design! Hawk is here to help get all of the data in a single place it...

The post hawk: gathering information related to O365 intrusions and potential Breaches appeared first on Penetration Testing Tools.

A vulnerability, which was classified as critical, was found in Logpoint up to 7.3.x. This affects an unknown part of the file /tmp of the component CSV File Handler. The manipulation of the argument source_name leads to path traversal. This vulnerability is uniquely identified as CVE-2024-33858. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Logpoint up to 7.3.x. Affected is an unknown function of the component URL Handler. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2024-33857. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Logpoint up to 7.3.x. This affects an unknown part of the component Forgot Password Endpoint. The manipulation leads to observable timing discrepancy. This vulnerability is uniquely identified as CVE-2024-33856. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644) and classified as critical. Affected by this issue is the function cgiSysUplinkCheckSet of the file /bin/httpd. The manipulation of the argument hostIp1/hostIp2 leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-3820. The attack may be launched remotely. Furthermore, there is an exploit available.

Despite Last-Minute Reprieve, Fresh Approach and Ownership Required, and Soon
This week's near-disruption in funding for the Mitre-administered Common Vulnerabilities and Exposures Program shows that the U.S. government no longer wants to be footing the tab. Many experts say this is an opportunity to redesign the CVE Program to be more neutral, sustainable and international.

With highly sensitive information and disruptions to medical care at stake during cyberattacks on healthcare organizations, it's vital for these entities to carefully consider details of their communications plans well in advance of suffering a serious incident, said Tom Bolitho of FTI Consulting.

Safety Concerns Emerge Amid o3, o4-mini and GPT-4.1 Launches
OpenAI's mid-April announcements include its most advanced reasoning models o3 and o4-mini, with a biorisk monitor, the quietly released GPT-4.1 coding family and the upcoming retirement of its costliest model, GPT-4.5. OpenAI's partners warn that the company's rushed evaluations have left gaps.

BitNet b1.58 2B4T Focuses on Speed, Efficiency, Open Access
Microsoft released what it describes as the most expansive 1-bit AI model to date, BitNet b1.58 2B4T. Unlike traditional large language models that depend on GPUs and massive infrastructure, the model is built to operate efficiently on CPUs including Apple's M2 chip.

DOGE Staffers Allegedly Violated Federal Cyber Best Practices and Data Privacy Laws
A whistleblower complaint made public this week provides the most in-depth look yet at the Department of Government Efficiency's many alleged cybersecurity failures, from violating federal best practices to seemingly ignoring data security laws in an apparent bid to shrink the government.