Aggregator

A vulnerability classified as problematic was found in gaizhenbiao ChuanhuChatGPT up to 20240410. Affected by this vulnerability is an unknown functionality. The manipulation leads to resource consumption. This vulnerability is known as CVE-2024-6090. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in h2oai h2o-3 up to 3.46.0. It has been declared as problematic. Affected by this vulnerability is the function MojoConvertTool of the component run_tool. The manipulation leads to resource consumption. This vulnerability is known as CVE-2024-5979. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in stitionai devika. This vulnerability affects unknown code. The manipulation leads to origin validation error. This vulnerability was named CVE-2024-5549. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in gaizhenbiao ChuanhuChatGPT up to 20240410 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-6037. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in gaizhenbiao ChuanhuChatGPT up to 20240410. It has been declared as problematic. This vulnerability affects the function fn_index of the file /queue/join. The manipulation leads to resource consumption. This vulnerability was named CVE-2024-6036. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Ivanti Connect Secure and Policy Secure. Affected by this issue is some unknown functionality of the component Certificate Management. The manipulation leads to client-side enforcement of server-side security. This vulnerability is handled as CVE-2025-5450. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe Audition up to 24.6.3/25.2. This issue affects some unknown processing. The manipulation leads to access of memory location after end of buffer. The identification of this vulnerability is CVE-2025-43580. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Microsoft Office and classified as critical. This vulnerability affects unknown code. The manipulation leads to deserialization. This vulnerability was named CVE-2025-47994. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Veeam Backup & Replication up to 12.3.1.1139. This vulnerability affects unknown code of the component Backup Server. The manipulation leads to code injection. This vulnerability was named CVE-2025-23121. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache Hop Engine up to 2.7.x. It has been classified as problematic. This affects an unknown part of the component PrepareExecutionPipelineServlet Page. The manipulation of the argument ID leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2024-24683. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.19.1. Affected is the function put_entry of the component selinux. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2022-50200. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.19.1 and classified as problematic. Affected by this issue is the function raid_resume of the file lvconvert-raid.sh. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2022-50085. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A statement from Louis Vuitton South Korea said the breach involved names, contact information and other data provided by customers. No financial information was included in the breach.

Один скрипт, три сервера и сотни историй с одинаковым концом.

DShield honeypots have reported previously unheard-of log quantities in a startling increase in cyber reconnaissance activity, with some subnets producing over a million entries in a single day. This surge, observed across multiple honeypot instances including residential and archived setups, marks a departure from historical patterns where high-activity spikes were rare anomalies. Over the past […]

The post DShield Honeypot Scanning Hits Record High with Over 1 Million Logs in a Single Day appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

You don’t always need a vulnerable app to pull off a successful exploit. Sometimes all it takes is a well-crafted email, an LLM agent, and a few “innocent” plugins. This is the story of how I used a Gmail message to trigger code execution through Claude Desktop, and how Claude itself (!) helped me plan..

The post Code Execution Through Email: How I Used Claude to Hack Itself appeared first on Security Boulevard.

NETSCOUT announced Adaptive Threat Analytics, a new enhancement to its Omnis Cyber Intelligence Network Detection and Response (NDR) solution, designed to improve incident response and reduce risk. Adaptive Threat Analytics enables security teams to investigate, hunt, and respond to cyber threats more rapidly. Cybersecurity professionals face a challenge in the race against time to detect and respond appropriately to cyber threats before it is too late. Alert fatigue, increasing alert volume, fragmented visibility from siloed … More →

The post NETSCOUT Adaptive Threat Analytics improves incident response appeared first on Help Net Security.

A new phishing campaign uses SVG files for JavaScript redirects, bypassing traditional detection methods

Criminal networks are adapting quickly, and they're betting that companies won't keep pace. Let's prove them wrong.