Aggregator

A vulnerability identified as problematic has been detected in moeru-ai airi 0.7.2-beta.2. Affected by this issue is the function highlightTagToHtml in the library crates/tauri-plugin-mcp/src/lib.rs of the file packages/stage-ui/src/components/MarkdownRenderer.vue. This manipulation causes cross site scripting. This vulnerability is handled as CVE-2025-59053. The attack can be initiated remotely. There is not any exploit available. To fix this issue, it is recommended to deploy a patch.

A vulnerability categorized as problematic has been discovered in Lenovo Browser 5.1.110.5082. Affected by this vulnerability is an unknown functionality. The manipulation results in uncontrolled search path. This vulnerability is known as CVE-2025-9201. Attacking locally is a requirement. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability was found in Microsoft Visual Studio Code 1.99.1. It has been rated as critical. Affected is an unknown function of the component Agentic AI. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-55319. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in instantsoft icms2 up to 2.17.3. It has been declared as critical. This impacts an unknown function of the component HTTPS Request Handler. Executing manipulation of the argument package can lead to server-side request forgery. This vulnerability appears as CVE-2025-59055. The attack may be performed from remote. There is no available exploit. Applying a patch is advised to resolve this issue.

A vulnerability was found in Lenovo Wallpaper Client up to 3.0.70.3301. It has been classified as problematic. This affects an unknown function. Performing manipulation results in download of code without integrity check. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is reported as CVE-2025-9319. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability was found in Lenovo LJ2206W Printer, M7206W Printer, M7216NWA Printer, M7256WHF Printer, LJ2655DN Printer, M7615DNA, M7626DNA Printer, M7628DNA Printer, M7455DNF Printer, M7675DXF Printer, M7685DXF Printer and M7686DXF and classified as critical. The impacted element is an unknown function of the component CUPS Service. Such manipulation leads to missing authentication. This vulnerability is documented as CVE-2025-9214. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Lenovo Dispatcher Driver 3.0/3.1 and classified as critical. The affected element is an unknown function. This manipulation causes exposed ioctl with insufficient access control. This vulnerability is registered as CVE-2025-8061. The attack needs to be launched locally. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Subrion CMS 4.2.1. Impacted is an unknown function of the component SQL Query Feature. The manipulation results in authorization bypass through user-controlled sql primary key. This vulnerability is cataloged as CVE-2025-56556. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Axios up to 1.11.x. This issue affects some unknown processing. The manipulation leads to allocation of resources. This vulnerability is listed as CVE-2025-58754. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability classified as problematic was found in Liferay Portal and DXP. This vulnerability affects unknown code of the component JSON Web Service. Executing manipulation can lead to incorrect authorization. This vulnerability is tracked as CVE-2025-43789. The attack is only possible within the local network. No exploit exists.

A vulnerability classified as critical has been found in Daikin Security Gateway. This affects an unknown part. Performing manipulation results in weak password recovery. This vulnerability is identified as CVE-2025-10127. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as very critical has been identified in Lenovo XClarity Orchestrator up to 2.1.x. Affected by this issue is some unknown functionality of the component LXCO API Service. Such manipulation leads to unprotected alternate channel. This vulnerability is referenced as CVE-2025-8557. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Liferay Portal and DXP. Affected by this vulnerability is an unknown functionality of the component Organization Selector Handler. This manipulation causes missing authorization. The identification of this vulnerability is CVE-2025-43788. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in GitLab Community Edition and Enterprise Edition up to 18.1.5/18.2.5/18.3.1. Affected is an unknown function of the component Token Handler. The manipulation results in improper validation of specified quantity in input. This vulnerability was named CVE-2025-10094. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability identified as problematic has been detected in IBM Fusion, Fusion HCI and Fusion HCI for Watsonx up to 2.10.1. This impacts an unknown function. The manipulation leads to insecure default initialization of resource. This vulnerability is uniquely identified as CVE-2025-36222. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

曾与 YouTube 等竞争的视频网站 Vimeo 以 13.8 亿美元现金出售给意大利公司 Bending Spoons。Vimeo(VMEO)被私有化，交易预计将于 2026 年初完成，Vimeo 股东将以每股 7.85 美元获得现金。Vimeo 成立于 2004 年，是最早的视频分享平台之一，其视频以高质量著称，最近几年其市场份额逐渐被 YouTube 等蚕食，该公司因此更专注于满足企业客户的需求。Bending Spoons 曾在 2023 年收购了知名笔记应用印象笔记（Evernote），然后解雇了所有员工（这种做法不是第一次了）。最新收购对 Vimeo 的用户可能不是好消息。

Защитные барьеры между разными пользователями оказались бесполезной пустышкой.

AI is being added to business processes faster than it is being secured, creating a wide gap that attackers are already exploiting, according to the SANS Institute. The scale of the problem Attackers are using AI to work at speeds that humans cannot match. Phishing messages are more convincing, privilege escalation happens faster, and automated scripts can adjust mid-attack to avoid detection. The report highlights research showing that AI-driven attacks can move more than 40 … More →

The post CISOs brace for a new kind of AI chaos appeared first on Help Net Security.

In the pharmaceutical industry, clinical trial data, patient records, and proprietary drug formulas are prime targets for cybercriminals. These high-value assets make the sector a constant focus for attacks. Disruptions to research or medicine distribution can have life-threatening consequences. “During global health crises, cyber attackers swiftly exploit vulnerabilities. The COVID-19 pandemic saw a fivefold increase in phishing attempts targeting WHO, with attackers impersonating leadership to distribute malware,” said Flavio Aggio, CISO at the World Health … More →

The post Attackers are coming for drug formulas and patient data appeared first on Help Net Security.

Обновление Chrome 140 осложнило использование популярных блокировщиков рекламы.