Aggregator

CVE-2022-29246 | Microsoft Azure RTOS USBX up to 6.1.10 ux_device_class_dfu_control_request buffer overflow (GHSA-hh5p-x584-j8hv)

Vuldb Updates
14 hours 57 minutes ago
A vulnerability was found in Microsoft Azure RTOS USBX up to 6.1.10. It has been classified as critical. Impacted is the function ux_device_class_dfu_control_request. Performing manipulation results in buffer overflow. This vulnerability is reported as CVE-2022-29246. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.
vuldb.com

CVE-2022-36063 | Azure RTOS USBX prior 6.1.12 _ux_host_class_cdc_ecm_mac_address_get integer underflow (GHSA-chpp-5fv9-6368)

Vuldb Updates
14 hours 57 minutes ago
A vulnerability categorized as critical has been discovered in Azure RTOS USBX. This vulnerability affects the function _ux_host_class_cdc_ecm_mac_address_get. Executing manipulation can lead to integer underflow. This vulnerability is registered as CVE-2022-36063. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2022-39293 | Azure RTOS USBX 6.1.12 ux_host_class_pima_read.c _ux_host_class_pima_read buffer overflow (GHSA-gg76-h537-xq48)

Vuldb Updates
14 hours 57 minutes ago
A vulnerability was found in Azure RTOS USBX 6.1.12 and classified as critical. Affected by this issue is the function _ux_host_class_pima_read of the file ux_host_class_pima_read.c. The manipulation results in buffer overflow. This vulnerability is identified as CVE-2022-39293. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2023-48695 | azure-rtos usbx up to 6.2.1 out-of-bounds write (GHSA-mwj9-rpph-v8wc)

Vuldb Updates
14 hours 57 minutes ago
A vulnerability marked as critical has been reported in azure-rtos usbx up to 6.2.1. The impacted element is an unknown function. The manipulation leads to out-of-bounds write. This vulnerability is listed as CVE-2023-48695. It is possible to launch the attack on the physical device. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2023-48696 | azure-rtos usbx up to 6.2.1 unusual condition (GHSA-h733-98hq-f884)

Vuldb Updates
14 hours 57 minutes ago
A vulnerability described as problematic has been identified in azure-rtos usbx up to 6.2.1. This affects an unknown function. The manipulation results in improper check for unusual conditions. This vulnerability is cataloged as CVE-2023-48696. An attack on the physical device is feasible. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2023-48697 | azure-rtos usbx up to 6.2.1 null pointer dereference (GHSA-p2p9-wp2q-wjv4)

Vuldb Updates
14 hours 57 minutes ago
A vulnerability classified as problematic has been found in azure-rtos usbx up to 6.2.1. This impacts an unknown function. This manipulation causes null pointer dereference. This vulnerability is registered as CVE-2023-48697. It is feasible to perform the attack on the physical device. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-48698 | azure-rtos usbx up to 6.2.1 unusual condition (GHSA-grhp-f66q-x857)

Vuldb Updates
14 hours 57 minutes ago
A vulnerability classified as problematic was found in azure-rtos usbx up to 6.2.1. Affected is an unknown function. Such manipulation leads to improper check for unusual conditions. This vulnerability is documented as CVE-2023-48698. The attack can be executed directly on the physical device. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2025-11938 | ChurchCRM up to 5.18.0 setup/routes/setup.php DB_PASSWORD/ROOT_PATH/URL deserialization (EUVD-2025-35002 / CNNVD-202510-2557)

Vuldb Updates
14 hours 57 minutes ago
A vulnerability classified as critical has been found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing manipulation of the argument DB_PASSWORD/ROOT_PATH/URL results in deserialization. This vulnerability was named CVE-2025-11938. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-37947 | Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5 ksmbd_vfs_stream_write out-of-bounds (Nessus ID 237223 / WID-SEC-2025-1114)

Vuldb Updates
14 hours 57 minutes ago
A vulnerability was found in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5. It has been classified as problematic. This vulnerability affects the function ksmbd_vfs_stream_write. Performing manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2025-37947. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2022-47986 | IBM Aspera Faspex 4.4.1 YAML deserialization (EDB-51316 / XFDB-243512)

Vuldb Updates
14 hours 57 minutes ago
A vulnerability labeled as very critical has been found in IBM Aspera Faspex 4.4.1. Affected by this vulnerability is an unknown functionality of the component YAML Handler. The manipulation results in deserialization. This vulnerability is cataloged as CVE-2022-47986. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.
vuldb.com

OpenAI Atlas Browser Vulnerability Allows Malicious Code Injection into ChatGPT

Cyber Security News
14 hours 57 minutes ago

A critical vulnerability in OpenAI’s newly launched ChatGPT Atlas browser enables attackers to inject malicious instructions into ChatGPT’s memory and execute remote code on user systems. This flaw, uncovered by LayerX, exploits Cross-Site Request Forgery (CSRF) to hijack authenticated sessions, potentially infecting devices with malware or granting unauthorized access. The discovery highlights escalating risks in […]

The post OpenAI Atlas Browser Vulnerability Allows Malicious Code Injection into ChatGPT appeared first on Cyber Security News.

Guru Baran

New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands

The Hackers News
14 hours 58 minutes ago
Cybersecurity researchers have discovered a new vulnerability in OpenAI's ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant's memory and run arbitrary code. "This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware," LayerX
The Hacker News

CVE-2025-12347 | MaxSite CMS up to 109 save-file-ajax.php file_path/content unrestricted upload

VulDB Recent Entries
15 hours 10 minutes ago
A vulnerability, which was classified as critical, was found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. This vulnerability is handled as CVE-2025-12347. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-12346 | MaxSite CMS up to 109 HTTP Header uploads-require-maxsite.php X-Requested-FileName/X-Requested-FileUpDir unrestricted upload

VulDB Recent Entries
15 hours 10 minutes ago
A vulnerability, which was classified as critical, has been found in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDir results in unrestricted upload. This vulnerability is known as CVE-2025-12346. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Managed ad