Aggregator

CVE-2025-58340 | Samsung Mobile Processor/Wearable Processor Exynos up to 2200 Wi-Fi Driver send_delts memory allocation

VulDB Recent Entries
4 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Samsung Mobile Processor and Wearable Processor Exynos up to 2200. The impacted element is an unknown function of the file /proc/driver/unifi0/send_delts of the component Wi-Fi Driver. This manipulation causes uncontrolled memory allocation. This vulnerability is registered as CVE-2025-58340. The attack requires access to the local network. No exploit is available.
vuldb.com

CVE-2025-62603 | eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0 message_data out-of-bounds

VulDB Recent Entries
4 months 1 week ago
A vulnerability classified as problematic was found in eProsima Fast-DDS up to 2.6.10/3.3.0/3.4.0. The affected element is an unknown function. The manipulation of the argument message_data results in out-of-bounds read. This vulnerability is cataloged as CVE-2025-62603. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2019-19006 | Sangoma FreePBX up to 13.0.197.13/14.0.13.11/15.0.16.26 Access Control authorization

Vuldb Updates
4 months 1 week ago
A vulnerability was found in Sangoma FreePBX up to 13.0.197.13/14.0.13.11/15.0.16.26. It has been declared as critical. This affects an unknown part of the component Access Control. The manipulation results in incorrect authorization. This vulnerability is reported as CVE-2019-19006. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

CVE-2021-39935 | GitLab Community Edition/Enterprise Edition up to 14.3.5/14.4.3/14.5.1 CI Lint API server-side request forgery (Issue 34618)

Vuldb Updates
4 months 1 week ago
A vulnerability, which was classified as critical, was found in GitLab Community Edition and Enterprise Edition up to 14.3.5/14.4.3/14.5.1. This affects an unknown part of the component CI Lint API. Such manipulation leads to server-side request forgery. This vulnerability is documented as CVE-2021-39935. The attack can be executed remotely. Additionally, an exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2025-64328 | FreePBX Endpoint Manager up to 17.0.2 Filestore check_ssh_connect os command injection (GHSA-vm9p-46mv-5xvw / EUVD-2025-38232)

Vuldb Updates
4 months 1 week ago
A vulnerability labeled as critical has been found in FreePBX Endpoint Manager up to 17.0.2. Affected by this vulnerability is the function check_ssh_connect of the component Filestore Module. Executing a manipulation can lead to os command injection. The identification of this vulnerability is CVE-2025-64328. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.
vuldb.com

GlassWorm Infiltrated VSX Extensions with More than 22,000 Downloads to Attack Developers

Cyber Security News
4 months 1 week ago

GlassWorm has emerged as a serious threat to developers using the Open VSX Registry, where popular VSX extensions were silently turned into delivery vehicles for malware. Threat actors compromised a trusted publisher account and pushed poisoned updates that looked like routine releases but actually carried a staged loader. These extensions, which had more than 22,000 […]

The post GlassWorm Infiltrated VSX Extensions with More than 22,000 Downloads to Attack Developers appeared first on Cyber Security News.

Tushar Subhra Dutta

CVE-2026-25238 | pear pearweb up to 1.32.x Bug Subscription Deletion email sql injection (GHSA-cv3c-27h5-7gmv)

VulDB Recent Entries
4 months 1 week ago
A vulnerability classified as critical has been found in pear pearweb up to 1.32.x. Impacted is an unknown function of the component Bug Subscription Deletion. The manipulation of the argument email leads to sql injection. This vulnerability is listed as CVE-2026-25238. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

Lynx

Dark Feed IO
4 months 1 week ago

You must login to view this content

cohenido

CVE-2026-25236 | pear pearweb up to 1.32.x Karma Query sql injection (GHSA-95mc-p966-c29f)

VulDB Recent Entries
4 months 1 week ago
A vulnerability described as critical has been identified in pear pearweb up to 1.32.x. This issue affects some unknown processing of the component Karma Query Handler. Executing a manipulation can lead to sql injection. This vulnerability is tracked as CVE-2026-25236. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-25235 | pear pearweb up to 1.32.x prng seed (GHSA-477r-4cmw-3cgf)

VulDB Recent Entries
4 months 1 week ago
A vulnerability marked as problematic has been reported in pear pearweb up to 1.32.x. This vulnerability affects unknown code. Performing a manipulation results in predictable seed in pseudo-random number generator (prng). This vulnerability is identified as CVE-2026-25235. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-25234 | pear pearweb up to 1.32.x Category Manager sql injection (GHSA-q28j-3p7r-6722)

VulDB Recent Entries
4 months 1 week ago
A vulnerability labeled as critical has been found in pear pearweb up to 1.32.x. This affects an unknown part of the component Category Manager. Such manipulation leads to sql injection. This vulnerability is referenced as CVE-2026-25234. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

CVE-2026-25233 | pear pearweb up to 1.32.x Roadmap operator precedence logic error (GHSA-p92v-9j73-fxx3)

VulDB Recent Entries
4 months 1 week ago
A vulnerability identified as problematic has been detected in pear pearweb up to 1.32.x. Affected by this issue is some unknown functionality of the component Roadmap Handler. This manipulation causes operator precedence logic error. The identification of this vulnerability is CVE-2026-25233. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.
vuldb.com

Compromise of Notepad++ Equals Software Supply Chain Fallout

DataBreachToday.com
4 months 1 week ago
Hacked Infrastructure Delivered Chinese Nation-State Group's Backdoor, Experts Warn
The widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors.

Police Raid Elon Musk's X Paris Office in Criminal Probe

DataBreachToday.com
4 months 1 week ago
Social Media Network Faces Legal Barrage From France, United Kingdom and Spain
In the space of a few hours, French authorities raided X's office in Paris, the British privacy regulator opened an investigation into X and xAI, and Spanish Prime Minister Pedro Sánchez announced legal proposals that would criminalize algorithmic manipulation and amplification of illegal content.

NDSS 2025 – BinEnhance

Security Boulevard
4 months 1 week ago

Session 11B: Binary Analysis

Authors, Creators & Presenters: Yongpan Wang (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Hong Li (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Xiaojie Zhu (King Abdullah University of Science and Technology, Thuwal, Saudi Arabia), Siyuan Li (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Chaopeng Dong (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China), Shouguo Yang (Zhongguancun Laboratory, Beijing, China), Kangyuan Qin (Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China)

PAPER
BinEnhance: An Enhancement Framework Based on External Environment Semantics for Binary Code Search

Binary code search plays a crucial role in applications like software reuse detection, and vulnerability identification. Currently, existing models are typically based on either internal code semantics or a combination of function call graphs (CG) and internal code semantics. However, these models have limitations. Internal code semantic models only consider the semantics within the function, ignoring the inter-function semantics, making it difficult to handle situations such as function inlining. The combination of CG and internal code semantics is insufficient for addressing complex real-world scenarios. To address these limitations, we propose BINENHANCE, a novel framework designed to leverage the inter-function semantics to enhance the expression of internal code semantics for binary code search. Specifically, BINENHANCE constructs an External Environment Semantic Graph (EESG), which establishes a stable and analogous external environment for homologous functions by using different inter-function semantic relation e.g., call, location, data-co-use}. After the construction of EESG, we utilize the embeddings generated by existing internal code semantic models to initialize EESG nodes. Finally, we design a Semantic Enhancement Model (SEM) that uses Relational Graph Convolutional Networks (RGCNs) and a residual block to learn valuable external semantics on the EESG for generating the enhanced semantics embedding. In addition, BinEnhance utilizes data feature similarity to refine the cosine similarity of semantic embeddings. We conduct experiments under six different tasks e.g}, under function inlining scenario and the results illustrate the performance and robustness of BINENHANCE. The application of BinEnhance to HermesSim, Asm2vec, TREX, Gemini, and Asteria on two public datasets results in an improvement of Mean Average Precision (MAP) from 53.6% to 69.7%. Moreover, the efficiency increases fourfold.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – BinEnhance appeared first on Security Boulevard.

Marc Handelman

CVE-2023-53657 | Linux Kernel up to 6.1.54/6.5.4 ice ice_eswitch_port_start_xmit null pointer dereference (EUVD-2025-31977 / WID-SEC-2025-2229)

Vuldb Updates
4 months 1 week ago
A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.54/6.5.4. This impacts the function ice_eswitch_port_start_xmit of the component ice. This manipulation causes null pointer dereference. This vulnerability is tracked as CVE-2023-53657. The attack is only possible within the local network. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

Managed ad