Aggregator

A vulnerability classified as critical was found in Oracle Banking Platform 2.6.2/2.7.1/2.9.0/2.12.0. Affected by this vulnerability is an unknown functionality of the component Security. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-42003. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Oracle Financial Services Crime and Compliance Management Studio 8.0.8.3.1 and classified as critical. This issue affects some unknown processing of the component Studio. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-42003. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle Global Lifecycle Management NextGen OUI Framework 12.2.1.3.0/12.2.1.4.0/13.9.4.2.2 and classified as critical. This issue affects some unknown processing of the component NextGen Installer issues. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2022-42003. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Oracle Primavera Unifier 18.8/19.12/20.12/21.12/22.12 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Document Management. The manipulation leads to denial of service. This vulnerability is known as CVE-2022-42003. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in zephyrproject-rtos Zephyr up to 4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dns_pack.c. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-1674. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in zephyrproject-rtos Zephyr up to 4.0. It has been declared as problematic. Affected by this vulnerability is the function dns_validate_msg of the file subsys/net/lib/dns/resolve.c. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-1673. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in nickboss File Upload Plugin up to 4.25.2 on WordPress. It has been classified as problematic. Affected is the function wfu_file_details. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-13494. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in zephyrproject-rtos Zephyr up to 4.0 and classified as problematic. This issue affects the function dns_copy_qname of the file dns_pack.c. The manipulation of the argument lb_size leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-1675. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in yawaveadmin Yawave Plugin up to 2.9.1 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation of the argument lbid leads to sql injection. This vulnerability was named CVE-2025-1648. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in techlabpro1 Classified Listing Plugin up to 4.0.4 on WordPress. This affects the function rtcl_taxonomy_settings_export. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-1063. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

作者：DARKNAVY 原文链接：https://mp.weixin.qq.com/s/BZtSTpTQbNiAY_KDhnqc8Q “看到了软件的源码，就意味着没有后门吗？” 1983年的图灵奖颁奖仪式上，Ken Thompson抛出了这个问题。作为历史上唯三在40岁以下获得图灵奖的传奇之一，他在获奖演讲中向听众展示了如何通过在编译器中植入后门来骇入由无害源码编译得到的Unix系统。Ken...

A vulnerability, which was classified as critical, has been found in wpeverest Everest Forms Plugin up to 3.0.9.4 on WordPress. Affected by this issue is the function format of the file EVF_Form_Fields_Upload of the component Path Validation Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-1128. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

As data continues to fuel AI’s evolution, the fight for privacy will become more complex and more urgent than ever before.

The post Data Entanglement, AI and Privacy: Why the Law Isn’t Ready appeared first on Security Boulevard.

2.84亿账户被信息窃取木马窃取，HIBP紧急更新数据库，强调“这些新API将帮助组织识别并阻止恶意活动”。