Aggregator

CVE-2025-55904 | Open5GS up to 2.7.5 lib/sbi/message.c parse_multipart null pointer dereference (ID 3942 / EUVD-2025-29720)

Vuldb Updates
9 months 1 week ago
A vulnerability has been found in Open5GS up to 2.7.5 and classified as problematic. This impacts the function parse_multipart in the library lib/sbi/message.c. Performing manipulation results in null pointer dereference. This vulnerability was named CVE-2025-55904. The attack needs to be approached within the local network. There is no available exploit. It is recommended to apply a patch to fix this issue.
vuldb.com

Qilin

Dark Feed IO
9 months 1 week ago

You must login to view this content

cohenido

Windows Screenshot Utility Greenshot Vulnerability Enable Malicious code execution – PoC Released

Cyber Security News
9 months 1 week ago

A critical security flaw has been discovered in Greenshot, a popular open-source screenshot utility for Windows. The vulnerability allows a local attacker to execute arbitrary code within the Greenshot process, potentially enabling them to bypass security measures and carry out further attacks. A proof-of-concept (PoC) exploit has been released, demonstrating the severity of the issue. […]

The post Windows Screenshot Utility Greenshot Vulnerability Enable Malicious code execution – PoC Released appeared first on Cyber Security News.

Guru Baran

DEF CON 33: Andra Lezza On Being A DC Speake

Security Boulevard
9 months 1 week ago

Creators, Authors and Presenters: Helvetigoth interviews Andra Lezza

Our sincere appreciation to DEF CON, and the Creators/Presenters/Authors for publishing their timely DEF CON 33 outstanding content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 33: Andra Lezza On Being A DC Speake appeared first on Security Boulevard.

Marc Handelman

迪士尼华纳等起诉中国 AI 公司侵犯版权

Solidot
9 months 1 week ago
Disney(包括漫威、卢卡斯影业和 20 世纪福克斯)、Warner Bros. Discovery(包括 DC 漫画) 和 NBCUniversal (包括梦工厂)起诉中国 AI 公司上海稀宇科技有限公司(MiniMax)蓄意且肆无忌惮的侵犯版权。在递交到加州中区联邦地区法院的诉状中,好莱坞巨头指控 MiniMax 无视美国版权法,将它们的版权角色作为自己的角色使用。MiniMax 运营着名为海螺(Hailuo)的图像和视频生成服务,大规模盗版和掠夺原告们的版权作品。MiniMax 宣传海螺服务是口袋里的好莱坞工作室,但其业务是建立在窃取好莱坞工作室知识产权的基础之上。起诉书列举了侵权案例——使用迪士尼的版权角色达斯维达生成图像和视频。好莱坞工作室寻求赔偿以及禁止 MiniMax 继续侵犯其版权作品。

When Every Second Counts: Rethinking Authentication for Modern Healthcare

Security Boulevard
9 months 1 week ago

In the emergency room at 2 AM, a cardiac patient arrives in distress. The attending physician rushes to the nearest workstation—one that three other doctors have used in the past hour—and needs immediate access to prescribe life-saving medication. But first, there’s the familiar friction: logging out the previous user, entering credentials, waiting for systems to..

The post When Every Second Counts: Rethinking Authentication for Modern Healthcare appeared first on Security Boulevard.

Jack Poller

CVE-2025-10642 | wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2 /q.php path cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability classified as problematic was found in wangchenyi1996 chat_forum up to 80bdb92f5b460d36cab36e530a2c618acef5afd2. This impacts an unknown function of the file /q.php. Such manipulation of the argument path leads to cross site scripting. This vulnerability is traded as CVE-2025-10642. The attack may be launched remotely. There is no exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
vuldb.com

CVE-2025-40933 | KGOLDOV Apache::AuthAny up to 0.201 on Perl rand generation of predictable numbers or identifiers

VulDB Recent Entries
9 months 1 week ago
A vulnerability described as problematic has been identified in KGOLDOV Apache::AuthAny up to 0.201 on Perl. The impacted element is the function rand. The manipulation results in generation of predictable numbers or identifiers. This vulnerability is reported as CVE-2025-40933. The attack can be launched remotely. No exploit exists.
vuldb.com

CVE-2025-0879 | Shopside App prior 17.02.2025 cross site scripting

VulDB Recent Entries
9 months 1 week ago
A vulnerability marked as problematic has been reported in Shopside App. The affected element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is documented as CVE-2025-0879. The attack can be initiated remotely. There is not any exploit available. This product is a managed service, therefore users are not responsible for maintaining vulnerability countermeasures. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-54467 | SUSE neuvector up to 5.4.5 insufficiently protected credentials (GHSA-w54x-xfxg-4gxq)

VulDB Recent Entries
9 months 1 week ago
A vulnerability labeled as problematic has been found in SUSE neuvector up to 5.4.5. Impacted is an unknown function. Executing manipulation can lead to insufficiently protected credentials. This vulnerability is registered as CVE-2025-54467. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.
vuldb.com

Managed ad