Aggregator

A vulnerability was found in Agner Fog aForum 1.32. It has been declared as critical. This vulnerability affects unknown code of the file common/errormsg.php. The manipulation of the argument header leads to file inclusion. This vulnerability was named CVE-2007-2634. The attack can be initiated remotely. Furthermore, there is an exploit available.

Emerging artificial intelligence and machine learning technologies being applied in the health and wellness space that are not necessarily covered by HIPAA but instead fall under a variety of tough new state privacy laws that are being enacted, said attorney Lily Li of Metaverse Law.

Latest AI Model Improves Coding Capabilities But Has a Penchant for Blackmail
Startup Anthropic has birthed a new artificial intelligence model, Claude Opus 4, that tests show delivers complex reasoning and code-writing capabilities, but it also has a Machiavellian streak for solving office problems and a penchant for whistleblowing in response to perceived wrongdoing.

Teenager Charged With Stealing K-12 Student and Faculty Data, $3 Million Extortion
Massachusetts teenage college student Matthew Lane has been accused of hacking into K-12 student information system platform provider PowerSchool and holding stolen student and faculty data for ransom. Prosecutors said Lane has agreed to plead guilty to multiple charges tied to two hack attacks.

A vulnerability has been found in ARTEC EMA Mail 6.92 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-46610. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Znuny up to 7.1.3. It has been declared as problematic. This vulnerability affects unknown code of the component Generic Interface. The manipulation leads to permission issues. This vulnerability was named CVE-2025-26846. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in EngineerCMS up to 1.02/2.0.5 and classified as critical. This issue affects some unknown processing of the file /project/addprojtemplet. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-44830. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in vvveb CMS 1.0.6. It has been classified as critical. Affected is an unknown function. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-44022. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Lumi H5P-Nodejs-library up to 9.3.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-47828. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

SafePay ransomware hit Marlboro-Chesterfield Pathology, stealing personal data of 235,000 people in a major breach. SafePay ransomware hit Marlboro-Chesterfield Pathology, stealing personal data of 235,000 people in a major breach at the North Carolina-based lab. Marlboro-Chesterfield Pathology (MCP), founded in 1990 in Pinehurst, NC, is a full-service lab offering molecular, cytology, and pathology testing. Known […]

A vulnerability was found in Google Chrome and classified as critical. This issue affects some unknown processing of the component Javascript. The manipulation as part of HTML Page leads to use after free. The identification of this vulnerability is CVE-2019-5825. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Alleged Sale of Binance Customer Information from USA

A vulnerability was found in Microsoft Windows up to Server 2016 and classified as critical. Affected by this issue is some unknown functionality of the component Win32k. The manipulation leads to use after free. This vulnerability is handled as CVE-2023-29336. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Учёные предупреждают: малозаметные астероиды на орбите Венеры могут быть опасны для Земли.

A vulnerability was found in Grandstream GSD3710 1.0.11.13. It has been declared as critical. This vulnerability affects the function sscanf. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2022-2070. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component jhttpd. The manipulation of the argument notify leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-5228. The attack can only be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument aremark leads to sql injection. The identification of this vulnerability is CVE-2025-5227. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-password.php. The manipulation of the argument oldpass leads to sql injection. This vulnerability was named CVE-2025-5226. The attack can be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

Submit #583430 / VDB-310326