Aggregator

A vulnerability was found in ThinkInAIXYZ deepchat up to 0.3.0. It has been classified as critical. This affects an unknown function of the component URL Handler. This manipulation causes code injection. This vulnerability is tracked as CVE-2025-55733. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in LogicData eCommerce Framework 5.0.9.7000. It has been rated as critical. Affected is an unknown function of the component Content Explorer Feature. Performing manipulation results in unrestricted upload. This vulnerability is cataloged as CVE-2025-52337. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Cicool 3.4.4 and classified as critical. This affects an unknown part of the file /administrator/auth/reset_password. Executing manipulation can lead to weak password recovery. The identification of this vulnerability is CVE-2025-51543. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in Mozilla Firefox up to 140 on iOS. The impacted element is an unknown function of the component iFrame Handler. Executing manipulation can lead to improper access controls. This vulnerability appears as CVE-2025-54143. The attack may be performed from a remote location. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Mozilla Firefox up to 138. Affected by this issue is the function vpx_codec_enc_init_multi of the component WebRTC. Executing manipulation can lead to memory corruption. This vulnerability is handled as CVE-2025-5262. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

$22,8 млн превратились в ракетное топливо.

当前网络威胁态势快速演变，高度组织化的恶意攻击者持续发动更具破坏性和复杂性的攻击，而防御方往往准备不足。

A vulnerability was found in Linux Kernel up to 6.14.1 and classified as problematic. Affected by this vulnerability is the function ext4_empty_dir. Such manipulation of the argument new leads to out-of-bounds read. This vulnerability is traded as CVE-2025-37785. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 4.19.170/5.4.92/5.10.10. The impacted element is the function peak_usb_netif_rx_ni. Performing manipulation results in use after free. This vulnerability is known as CVE-2021-47670. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.14.18/5.15.2. This affects the function es58x_rx_err_msg. Executing manipulation can lead to memory leak. This vulnerability is handled as CVE-2021-47671. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 4.14.217/4.19.170/5.4.92/5.10.10. This issue affects the function netif_rx_ni of the component vxcan. The manipulation leads to use after free. This vulnerability is listed as CVE-2021-47669. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.10.10. The affected element is the function netif_rx_ni. Such manipulation leads to use after free. This vulnerability is traded as CVE-2021-47668. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 5.9.8 and classified as critical. This impacts the function can_get_echo_skb of the file net/core/skbuff.c. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2020-36789. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

Microsoft has resolved a known issue that caused Windows upgrades to fail with 0x8007007F errors on some Windows 11 and Windows Server systems. [...]

BloodHound Attack Research Kit BARK stands for BloodHound Attack Research Kit. It is a PowerShell script built to assist the BloodHound Enterprise team with researching and continuously validating abuse primitives. BARK currently focuses on...

The post BARK: BloodHound Attack Research Kit appeared first on Penetration Testing Tools.

Pharmaceutical firm Inotiv says a ransomware attack encrypted systems and data, disrupting operations, according to its SEC filing. U.S. pharmaceutical firm Inotiv reported a ransomware attack that encrypted some systems and data, disrupting business operations. Inotiv is a U.S.-based pharmaceutical research and contract research organization (CRO). It provides nonclinical and analytical drug discovery and development […]

Исследование показало неожиданные лазейки в «песочнице» Chrome.

A Chrome VPN extension with over 100,000 installations and verified badge status has been discovered operating as sophisticated spyware, continuously capturing user screenshots and exfiltrating sensitive data without consent. The extension, known as FreeVPN.One, masqueraded as a legitimate privacy tool while secretly implementing comprehensive surveillance capabilities that directly contradict its stated privacy promises. The malicious […]

The post Legitimate Chrome VPN With 100,000+ Installs Silently Captures Screenshots and Exfiltrate Sensitive Data appeared first on Cyber Security News.

Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire...

The post AWSGoat: Damn Vulnerable AWS Infrastructure appeared first on Penetration Testing Tools.

世界人口第一大国还有足够的时间先富后老。印度要到 2050 年代末才会跨过人口老龄化的门槛——中位数年龄 41 岁，而中国已经跨过这一门槛。印度需要在 35 年内保持 10.4% 的 GDP 增长率才能在老龄化前实现富裕，而中国则需要保持 32% 的 GDP 年增长率。印度劳动年龄人口占总人口的比例将从 2021 年的 67.5% 增长到 2031 年的 69.2%，到 2036 年中位年龄为 34.5 岁。中国面临的困境和发达国家差不多，欧洲 65 岁以上人口比例从 1950 年的 8% 增加到了 2050 年的 30%，提高退休年龄将面临老年选民群体的抵制，老年人口占到了欧洲选民人口的四成。美国的老龄化问题将在 2033 年出现。