Aggregator

CVE-2021-3746 | libtpms up to 0.6.6/0.7.9/0.8.5 TPM2 Command Packet memory corruption (Nessus ID 239862)

Vuldb Updates
5 months 4 weeks ago
A vulnerability, which was classified as critical, has been found in libtpms up to 0.6.6/0.7.9/0.8.5. This issue affects some unknown processing of the component TPM2 Command Packet Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2021-3746. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com

CVE-2021-47458 | Linux Kernel up to 5.14.14 ocfs2 lib/string.c buffer overflow (Nessus ID 239865)

Vuldb Updates
5 months 4 weeks ago
A vulnerability was found in Linux Kernel up to 5.14.14. It has been classified as critical. This affects an unknown part in the library lib/string.c of the component ocfs2. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2021-47458. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-47460 | Linux Kernel up to 5.14.14 ocfs2 block_write_full_page allocation of resources (Nessus ID 239865)

Vuldb Updates
5 months 4 weeks ago
A vulnerability was found in Linux Kernel up to 5.14.14. It has been rated as problematic. This issue affects the function block_write_full_page of the component ocfs2. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2021-47460. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-47478 | Linux Kernel up to 5.15.1 isofs_read_inode out-of-bounds (Nessus ID 239865)

Vuldb Updates
5 months 4 weeks ago
A vulnerability was found in Linux Kernel up to 5.15.1. It has been declared as problematic. This vulnerability affects the function isofs_read_inode. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2021-47478. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2004-0358 | Virtuasystems Virtuanews Pro 1.0.3 Admin Panel admin.php cross site scripting (EDB-23792 / XFDB-15402)

Vuldb Updates
5 months 4 weeks ago
A vulnerability was found in Virtuasystems Virtuanews Pro 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin.php of the component Admin Panel. The manipulation leads to basic cross site scripting. This vulnerability is handled as CVE-2004-0358. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-6007 | kiCode111 like-girl 5.2.0 /admin/CopyadminPost.php icp/Copyright sql injection (EUVD-2025-18148)

Vuldb Updates
5 months 4 weeks ago
A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. This vulnerability is traded as CVE-2025-6007. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-6008 | kiCode111 like-girl 5.2.0 /admin/ImgAddPost.php imgDatd/imgText/imgUrl sql injection (EUVD-2025-18147)

Vuldb Updates
5 months 4 weeks ago
A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. This vulnerability is known as CVE-2025-6008. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-6009 | kiCode111 like-girl 5.2.0 /admin/ipAddPost.php bz/ipdz sql injection (EUVD-2025-18158)

Vuldb Updates
5 months 4 weeks ago
A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. This vulnerability is handled as CVE-2025-6009. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

《自然》期刊公开所有论文的审稿人评论

Solidot
5 months 4 weeks ago
为了改进同行审议流程的透明度,《自然》期刊从本周开始将自动公开所有新递交论文的审稿人意见和作者回应。论文作者和匿名审稿人之间的交流都将公开,除非审稿人主动选择公开,否则他们的身份默认不会披露。

Five Uncomfortable Truths About LLMs in Production

Security Boulevard
5 months 4 weeks ago

Many tech professionals see integrating large language models (LLMs) as a simple process -just connect an API and let it run. At Wallarm, our experience has proved otherwise. Through rigorous testing and iteration, our engineering team uncovered several critical insights about deploying LLMs securely and effectively.  This blog shares our journey of integrating cutting-edge AI [...]

The post Five Uncomfortable Truths About LLMs in Production appeared first on Wallarm.

The post Five Uncomfortable Truths About LLMs in Production appeared first on Security Boulevard.

Ivan Novikov

城市人造光源的规模有多大

Solidot
5 months 4 weeks ago
卫星照片下的城市夜晚以灯火通明著称,然而卫星照片难以区分城市人造灯的类别,是路灯、还是信号和装饰灯?德国研究人员开发了名叫 Nachtlichter 的应用,在公民科学家的帮助下对 22 平方公里区域内 234,044 个光源进行了统计和分类。结果显示,用于广告和审美用途的人造光源总数超过了照明用的路灯。研究人员估计,整个德国的午夜时分仍然会有 7800 万左右的光源仍然亮着,显示减少人造光污染有着巨大的潜力。

LogMeIn Remote Access Abused in Targeted System Compromise

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
5 months 4 weeks ago

A sophisticated cyberattack campaign has been uncovered, leveraging LogMeIn Resolve remote access software to gain unauthorized control over user systems. Security researchers report that the attack begins with a convincingly crafted invoice-themed spam email, designed to trick recipients into opening a malicious PDF attachment. This campaign highlights the ongoing threat of social engineering tactics and […]

The post LogMeIn Remote Access Abused in Targeted System Compromise appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Managed ad