Aggregator

CVE-2023-0803 | LibTIFF 4.4.0 TIFF File tools/tiffcrop.c out-of-bounds write (Issue 501 / Nessus ID 240052)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in LibTIFF 4.4.0. It has been classified as critical. This affects an unknown part of the file tools/tiffcrop.c of the component TIFF File Handler. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2023-0803. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2022-48281 | LibTIFF up to 4.5.0 TIFF Image tools/tiffcrop.c processCropSelections heap-based overflow (Issue 488 / Nessus ID 240052)

Vuldb Updates
2 months 2 weeks ago
A vulnerability, which was classified as critical, was found in LibTIFF up to 4.5.0. Affected is the function processCropSelections of the file tools/tiffcrop.c of the component TIFF Image Handler. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2022-48281. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2023-0797 | LibTIFF 4.4.0 TIFF File libtiff/tif_unix.c out-of-bounds (Issue 495 / Nessus ID 240052)

Vuldb Updates
2 months 2 weeks ago
A vulnerability classified as problematic has been found in LibTIFF 4.4.0. This affects an unknown part of the file libtiff/tif_unix.c of the component TIFF File Handler. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2023-0797. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2023-0798 | LibTIFF 4.4.0 TIFF File tools/tiffcrop.c out-of-bounds (Issue 492 / Nessus ID 240052)

Vuldb Updates
2 months 2 weeks ago
A vulnerability classified as problematic was found in LibTIFF 4.4.0. This vulnerability affects unknown code of the file tools/tiffcrop.c of the component TIFF File Handler. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2023-0798. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2023-0795 | LibTIFF 4.4.0 TIFF File tools/tiffcrop.c out-of-bounds (Issue 493 / Nessus ID 240052)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in LibTIFF 4.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file tools/tiffcrop.c of the component TIFF File Handler. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2023-0795. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

150K+ Users Affected by Malicious Loan Apps on iOS and Google Play

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 2 weeks ago

Over 150,000 users across Google Play and the Apple App Store have fallen victim to a malicious SpyLoan application named “RapiPlata,” which was identified in February 2025 by advanced detection engines. This app, posing as a legitimate financial service primarily targeting Colombian users, achieved a Top 20 ranking in the finance category on SimilarWeb in […]

The post 150K+ Users Affected by Malicious Loan Apps on iOS and Google Play appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2025-3774 | Wise Chat Plugin up to 3.3.4 on WordPress Header X-Forwarded-For cross site scripting (EUVD-2025-18449)

Vuldb Updates
2 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Wise Chat Plugin up to 3.3.4 on WordPress. Affected is an unknown function of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to cross site scripting. This vulnerability is traded as CVE-2025-3774. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-6158 | D-Link DIR-665 1.00 HTTP POST Request sub_AC78 stack-based overflow (EUVD-2025-18473)

Vuldb Updates
2 months 2 weeks ago
A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-6158. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-6164 | TOTOLINK A3002R 4.0.0-B20230531.1404 HTTP POST Request /boafrm/formMultiAP submit-url buffer overflow (EUVD-2025-18482)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-6164. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-6166 | frdel Agent-Zero up to 0.8.4 /python/api/image_get.py image_get path path traversal (Issue 383 / EUVD-2025-18479)

Vuldb Updates
2 months 2 weeks ago
A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. The identification of this vulnerability is CVE-2025-6166. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

OpenAI 和微软之间的紧张关系加剧

Solidot
2 months 2 weeks ago
OpenAI 和微软之间的紧张关系接近临界点。OpenAI 希望削弱微软对其 AI 产品和计算资源的掌控,并确保它批准其转型为营利性公司。微软是 OpenAI 最大的投资者,它的对 OpenAI 转型的批准是其筹集更多资金并上市的关键。OpenAI 高管最近几周谈论了所谓的核选项:指控微软在双方合作期间有反竞争行为。这可能意味着寻求美国联邦监管机构对双方的合同条款进行审查,寻找可能违反反垄断的行为。此举可能威胁到双方六年的合作关系。根据双方的协议,微软可使用 OpenAI 的所有 IP。但双方的产品如今存在竞争关系,微软推出了 AI 编程助手 GitHub Copilot 而 OpenAI 正在收购提供 AI 编程助手的 Windsurf 公司,它不希望微软能访问 Windsurf 的知识产权。

Hackers Exploiting Chrome Zero‑Day Vulnerability in the Wild

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 2 weeks ago

A newly discovered zero-day vulnerability in Google Chrome, tracked as CVE-2025-2783, is being actively exploited by hackers in sophisticated cyber-espionage campaigns. Security researchers have observed a surge in targeted attacks leveraging this flaw, with attribution pointing to the advanced persistent threat (APT) group Team46, also known as TaxOff. The Attack Campaign The first signs of […]

The post Hackers Exploiting Chrome Zero‑Day Vulnerability in the Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Divya

Managed ad