Aggregator

A vulnerability has been found in Mozilla Firefox up to 140 on Android and classified as problematic. This issue affects some unknown processing of the component Address Bar. The manipulation leads to clickjacking. This vulnerability is uniquely identified as CVE-2025-8041. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Mozilla Firefox up to 140 on Android and classified as critical. Impacted is an unknown function of the component iFrame Handler. The manipulation results in improper access controls. This vulnerability was named CVE-2025-8042. The attack may be performed from a remote location. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.133/6.6.86/6.12.22/6.13.10/6.14.1. It has been declared as problematic. This affects the function build_prologue of the component LoongArch. Executing manipulation can lead to off-by-one. This vulnerability is handled as CVE-2025-37893. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel. The affected element is the function ssi_protocol_probe of the component HSI. The manipulation leads to use after free. This vulnerability is listed as CVE-2025-37838. The attack must be carried out from within the local network. There is no available exploit. It is advisable to upgrade the affected component.

Google Chrome 139 addressed a high-severity V8 flaw, tracked as CVE-2025-9132, found by Big Sleep AI Google Chrome 139 addressed a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8. The vulnerability is an out-of-bounds write issue in the V8 JavaScript engine that was discovered by Big Sleep AI. […]

A critical remote code execution (RCE) vulnerability in CodeRabbit’s production infrastructure that provided unauthorized access to over one million code repositories, including private ones.  The vulnerability, discovered in December 2024 and responsibly disclosed in January 2025, exploited the platform’s static analysis tool integration to leak sensitive API credentials and gain write access to GitHub repositories […]

The post CodeRabbit’s Production Servers RCE Vulnerability Enables Write Access on 1M Repositories appeared first on Cyber Security News.

The majority of events globally are caused by phishing, which continues to be the most common vector for cyberattacks in the constantly changing world of cyber threats. The proliferation of affordable Phishing-as-a-Service (PhaaS) platforms such as Tycoon2FA, EvilProxy, and Sneaky2FA has exacerbated this issue, enabling even novice attackers to deploy sophisticated campaigns. These services are […]

The post New Salty 2FA PhaaS Platform Targets Microsoft 365 Users to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in ThinkInAIXYZ deepchat up to 0.3.0. It has been classified as critical. This affects an unknown function of the component URL Handler. This manipulation causes code injection. This vulnerability is tracked as CVE-2025-55733. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in LogicData eCommerce Framework 5.0.9.7000. It has been rated as critical. Affected is an unknown function of the component Content Explorer Feature. Performing manipulation results in unrestricted upload. This vulnerability is cataloged as CVE-2025-52337. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Cicool 3.4.4 and classified as critical. This affects an unknown part of the file /administrator/auth/reset_password. Executing manipulation can lead to weak password recovery. The identification of this vulnerability is CVE-2025-51543. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in Mozilla Firefox up to 140 on iOS. The impacted element is an unknown function of the component iFrame Handler. Executing manipulation can lead to improper access controls. This vulnerability appears as CVE-2025-54143. The attack may be performed from a remote location. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Mozilla Firefox up to 138. Affected by this issue is the function vpx_codec_enc_init_multi of the component WebRTC. Executing manipulation can lead to memory corruption. This vulnerability is handled as CVE-2025-5262. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

$22,8 млн превратились в ракетное топливо.

当前网络威胁态势快速演变，高度组织化的恶意攻击者持续发动更具破坏性和复杂性的攻击，而防御方往往准备不足。

A vulnerability was found in Linux Kernel up to 6.14.1 and classified as problematic. Affected by this vulnerability is the function ext4_empty_dir. Such manipulation of the argument new leads to out-of-bounds read. This vulnerability is traded as CVE-2025-37785. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 4.19.170/5.4.92/5.10.10. The impacted element is the function peak_usb_netif_rx_ni. Performing manipulation results in use after free. This vulnerability is known as CVE-2021-47670. Access to the local network is required for this attack. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.14.18/5.15.2. This affects the function es58x_rx_err_msg. Executing manipulation can lead to memory leak. This vulnerability is handled as CVE-2021-47671. The attack can only be done within the local network. There is not any exploit available. You should upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 4.14.217/4.19.170/5.4.92/5.10.10. This issue affects the function netif_rx_ni of the component vxcan. The manipulation leads to use after free. This vulnerability is listed as CVE-2021-47669. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 5.10.10. The affected element is the function netif_rx_ni. Such manipulation leads to use after free. This vulnerability is traded as CVE-2021-47668. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Linux Kernel up to 5.9.8 and classified as critical. This impacts the function can_get_echo_skb of the file net/core/skbuff.c. The manipulation leads to improper update of reference count. This vulnerability is uniquely identified as CVE-2020-36789. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.