Aggregator

The US National Institute of Standards and Technology (NIST) published a white paper introducing a new metric called Likely Exploited Vulnerabilities (LEV)

A vulnerability was found in CMS Made Simple up to 0.10. It has been rated as critical. Affected by this issue is some unknown functionality of the file lang.php. The manipulation of the argument nls[file][vx][vxsfx] leads to file inclusion. This vulnerability is handled as CVE-2005-2846. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in EmbedThis GoAhead 2.5.0. This affects an unknown part of the file goform/login. The manipulation as part of HTTP Host Header leads to injection. This vulnerability is uniquely identified as CVE-2019-16645. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Новый закон может превратить интернет в поле для доносов.

英国三大零售巨头接连沦陷，社会工程攻击如何突破服务台防线？

在 H20 被禁止出口之后，英伟达准备推出新款中国市场专用 AI 芯片。新芯片将是基于 Blackwell 架构的 RTX Pro 6000D，使用 GDDR7 而不是 HBM 等更先进的高带宽显存，预计售价在 6,500-8,000 美元之间，低于 H20 的 10,000-12,000 美元。较低的价格反映了芯片较低的规格和更简单的制造要求，新芯片将不使用台积电先进的 Chip-on-Wafer-on-Substrate (CoWoS)封装技术。这将是英伟达第三次为中国开发专用 AI 芯片。中国仍然是英伟达的大市场，上一个财年占其总收入的 13%。分析师表示，英伟达的优势主要在于其集成 CUDA 平台 和 AI 集群的能力。

上周关注度较高的产品安全漏洞(20250519-20250525)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞315个，其中高危漏洞169个、中危漏洞126个、低危漏洞20个。

A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Lua Admin Console. The manipulation leads to execution with unnecessary privileges. This vulnerability is known as CVE-2025-5196. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component. The vendor explains: "[W]e do not consider it as a security vulnerability, because the system admin in WingFTP has full permissions [...], but you can suggest the user run WingFTP service as Normal User rather than SYSTEM/Root, it will be safer."

EngineAI устраивает бои без правил между машинами — и это не шутка, а спорт будущего.

Tenable has released version 6.5.1 of its Network Monitor, a key passive vulnerability scanning solution, to address several high-severity vulnerabilities discovered in both its codebase and bundled third-party libraries. The update comes after security researchers identified vulnerabilities in widely used components such as OpenSSL, expat, curl, libpcap, and libxml2, all of which provide essential underlying […]

The post Privilege Escalation Flaws Found in Tenable Network Monitor appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #584253 / VDB-310279

США запускают портал по скупке чувствительных данных.

Что будет, если ИИ заставят программировать 7 часов подряд? В Anthropic проверили. И удивились.

Currently trending CVE - Hype Score: 13 - In the Linux kernel, the following vulnerability has been resolved: ALSA: ump: Fix buffer overflow at UMP SysEx message conversion The conversion function from MIDI 1.0 to UMP packet contains an internal buffer to keep the incoming MIDI bytes, and its size is 4, as it was ...

Currently trending CVE - Hype Score: 1 - A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper ...

Currently trending CVE - Hype Score: 1 - Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells." Fixed in version 11.36.46, 11.32.89, ...

Crooks use TikTok videos with fake tips to trick users into running commands that install Vidar and StealC malware in ClickFix attacks. Cybercriminals leverage AI-generated TikTok videos in ClickFix attacks to spread Vidar and StealC malware, reports Trend Micro. These videos trick users into running PowerShell commands disguised as software activation steps for tools like […]

A vulnerability, which was classified as critical, has been found in GuardDuty. This issue affects the function GetBucketPublicAccessBlock/GetBucketPolicyStatus of the component S3 Bucket Policy Handler. The manipulation leads to permission issues. The attack can only be initiated within the local network. There is no exploit available. This product is a managed service. It is not possible for users to maintain vulnerability countermeasures themselves.

A serious security vulnerability has been identified in Bitwarden, the popular password management platform, affecting versions up to 2.25.1. The flaw, designated CVE-2025-5138, allows attackers to execute cross-site scripting (XSS) attacks through malicious PDF files uploaded to the platform’s file handling system. Vulnerability Details and Technical Analysis The vulnerability stems from insufficient file type restrictions […]

The post Bitwarden Flaw Allows Upload of Malicious PDFs, Posing Security Risk appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.