Aggregator

A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. This vulnerability is traded as CVE-2025-5324. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

通过WinGet和微软子域名劫持PC Manager的潜在风险

山石网科安全技术研究院

8 months 2 weeks ago

你以为通过WinGet安装的软件是安全的？黑客可能已经通过一个小小的SAS令牌漏洞篡改了你下载的软件！

Data broker LexisNexis discloses data breach affecting 364,000 people

Bleeping Computer.

8 months 2 weeks ago

Data broker giant LexisNexis Risk Solutions has revealed that unknown attackers stole the personal information of over 364,000 individuals in a December breach. [...]

Sergiu Gatlan

Submit #580513: TechPowerUp GPU-Z 2.23.0 Information Exposure [Accepted]

Vuldb Submit

8 months 2 weeks ago

Submit #580513 / VDB-310494

aiyakami

CVE-2025-5323 | fossasia open-event-server 1.19.1 Mail Verification mail.py send_email_change_user_email reliance on obfuscation or encryption of security-relevant inputs without integrity checking

VulDB Recent Entries

8 months 2 weeks ago

A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The identification of this vulnerability is CVE-2025-5323. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

Submit #580256: open-event-server v1.19.1 Reliance on Obfuscation or Encryption of Security-Relevant Input [Accepted]

Vuldb Submit

8 months 2 weeks ago

Submit #580256 / VDB-310493

Gavin Zhong

События в календаре теперь могут запускать трояны — пора пересматривать Google Календарь

Securitylab.ru

8 months 2 weeks ago

Открыли PDF — и дали доступ к своим данным хакерам из Китая.

CVE-2025-5321 | aimhubio aim up to 3.29.1 run_view Object /aim/storage/query.py RestrictedPythonQuery sandbox

VulDB Recent Entries

8 months 2 weeks ago

A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Query leads to sandbox issue. This vulnerability was named CVE-2025-5321. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

CVE-2025-5320 | gradio-app gradio up to 5.29.1 CORS is_valid_origin localhost_aliases origin validation

VulDB Recent Entries

8 months 2 weeks ago

A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to origin validation error. This vulnerability is uniquely identified as CVE-2025-5320. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com