Aggregator

A vulnerability was found in Apple macOS and classified as problematic. This issue affects some unknown processing of the component Apple Neural Engine. The manipulation leads to sandbox issue. The identification of this vulnerability is CVE-2022-32845. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WordLift Plugin up to 3.37.1 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-3069. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Generate PDF Plugin up to 3.5 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2022-3070. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Slider Hero Plugin up to 8.4.3 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Slider Name Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-3074. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in mIPC 5.3.1.2003161406. This issue affects some unknown processing. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2022-40785. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Blink. The manipulation leads to use after free. This vulnerability is known as CVE-2022-2857. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been rated as critical. This issue affects some unknown processing of the component SwiftShader. The manipulation leads to use after free. The identification of this vulnerability is CVE-2022-2854. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component ANGLE. The manipulation leads to use after free. This vulnerability is traded as CVE-2022-2855. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been declared as critical. This vulnerability affects unknown code of the component Site Isolation. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2022-3044. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been rated as critical. This issue affects some unknown processing of the component V8. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2022-3045. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component Browser Tag. The manipulation leads to use after free. This vulnerability is traded as CVE-2022-3046. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. [...]

A vulnerability classified as problematic has been found in CityPost Simple PHP Upload 5.3. Affected is an unknown function of the file simple-upload-53.php. The manipulation of the argument Message leads to basic cross site scripting. This vulnerability is traded as CVE-2005-4671. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Signal implements new screen security on Windows 11, blocking screenshots by default to protect user privacy from Microsoft’s Recall feature. A Signal update for the Windows app prevents the system from capturing screenshots by default. The feature protects users’ privacy from Microsoft’s Recall feature. “Signal Desktop now includes support for a new “Screen security” setting […]

GitLab has released critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with several high-risk flaws enabling denial-of-service (DoS) attacks.  The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7 comes as the DevOps platform confronts multiple attack vectors that could destabilize systems through resource exhaustion, authentication bypasses, and […]

The post Multiple GitLab Vulnerabilities Let Attackers Trigger DoS Attacks appeared first on Cyber Security News.

A vulnerability was found in IBM Lotus Domino iNotes Client 6.5.4. It has been classified as problematic. This affects an unknown part of the component Domino Web Access. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2006-0663. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The US cryptocurrency exchange claimed that the breach occurred in December 2024

Significant vulnerabilities were uncovered in Versa Concerto, a widely deployed SD-WAN orchestration platform used by major enterprises and government entities.  The flaws include authentication bypass vulnerabilities that can be chained to achieve remote code execution and complete system compromise.  Despite responsible disclosure efforts beginning in February 2025, these critical issues remain unpatched, leaving organizations vulnerable […]

The post Versa Concerto 0-Day Authentication Bypass Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.

As part of a recent survey conducted by Mobile World Live, communications service providers (CSPs) were asked to weigh in on the state of artificial intelligence (AI) innovation and the challenges they face when deploying AI for IT operations (AIOps) in the network. Their responses, published in a 34-page report, offer...