Aggregator

A vulnerability classified as problematic has been found in net-textproto up to 1.21.7/1.22.0 on Go. This affects the function Request.ParseMultipartForm/Request.FormValue/Request.PostFormValue/Request.FormFile. This manipulation causes resource consumption. This vulnerability is registered as CVE-2023-45290. The attack requires access to the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in net-http-cookiejar up to 1.21.7/1.22.0 on Go. This impacts an unknown function of the component HTTP Header Handler. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2023-45289. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in crypto-x509 up to 1.21.7/1.22.0 on Go. Affected is an unknown function of the file crypto/tls of the component Certificate Chain Handler. Performing a manipulation results in null pointer dereference. This vulnerability is reported as CVE-2024-24783. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in net-mail up to 1.21.7/1.22.0 on Go. Affected by this vulnerability is the function ParseAddressList of the component Display Name Handler. Executing a manipulation can lead to improper neutralization. This vulnerability appears as CVE-2024-24784. The attacker needs to be present on the local network. There is no available exploit. You should upgrade the affected component.

Currently trending CVE - Hype Score: 8 - A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 ...

Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery

Банальная лень помогает богатеть киберпреступникам.

CISO Insights Reveal Gaps Between AI Adoption Speed and Data Security Maturity
A survey of 124 CISOs reveals most enterprises have scaled AI but lack confidence in data security controls. With only one in five initiatives meeting KPIs, gaps in enforcement, data trust and visibility are emerging as critical barriers to AI success.

Slumping Stock and Slower Growth Than Rival Rubrik Pave Way for Take-Private Deal
Reuters reported that Commvault is working with Goldman Sachs to explore a sale after receiving takeover interest from both private equity firms and strategic buyers. Thoma Bravo is among the buyers that have expressed interest in Commvault, sources told Reuters.

Congressional Funding Standoff Still Unresolved
The Cybersecurity and Infrastructure Security Agency has told furloughed workers to report to work despite an ongoing funding lapse. U.S. DHS officials in recent days directed all furloughed personnel to return to work on their next scheduled shift, amid increasing concerns from cybersecurity analysts.

Malware-as-a-Service Operations Favors Russian-Speaking Customers
An emerging remote access Trojan targeting Android devices in Spanish-speaking nations is propagating fraudulent advertisements as an initial access point on Meta-owned applications.

OpenAI Unveils GPT‑5.4‑Cyber in Pointed Rejoinder to Anthropic
OpenAI unveiled Tuesday its answer to AI rival Anthropic's much-touted private release of a cybersecurity model by announcing the broader availability of GPT‑5.4‑Cyber. Internal safeguards, customer verification and "trust signals" will safeguard the world from misuse, the company asserted.

Why CISOs Must Rethink Trust, MFA and Machine Identity Governance
AI-driven phishing emails, voice deepfakes and synthetic identities have changed the threat landscape. Attackers now mimic trusted users with precision. Security teams can no longer rely on static controls or traditional verification methods.

A vulnerability, which was classified as critical, was found in texlive-bin c515e. This issue affects the function ttfLoadHDMX:ttfdump of the component TTF File Handler. The manipulation results in heap-based buffer overflow. This vulnerability is cataloged as CVE-2024-25262. The attack must originate from the local network. There is no exploit available.

A vulnerability classified as critical was found in Commend WS203VICM up to 1.7. Impacted is an unknown function of the component Messages Handler. Executing a manipulation can lead to argument injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is registered as CVE-2024-22182. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in Commend WS203VICM up to 1.7. The impacted element is an unknown function. The manipulation results in weak encoding for password. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2024-23492. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability identified as critical has been detected in laurelbridge DICOM Connectivity Framework up to 2.7.6a. This issue affects some unknown processing of the file format_logfile.pl. Performing a manipulation results in path traversal. This vulnerability is cataloged as CVE-2024-25386. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability classified as critical was found in Mini-Tmall up to 20231017. Affected by this issue is some unknown functionality of the file ?r=tmall/admin/user/1/1. Executing a manipulation of the argument orderBy can lead to sql injection. This vulnerability appears as CVE-2024-2074. The attack may be performed from remote. In addition, an exploit is available.