Aggregator

CVE-2024-56428 | itech iLabClient 3.7.1 Database missing encryption (EUVD-2024-54560)

2 months 3 weeks ago

A vulnerability was found in itech iLabClient 3.7.1. It has been classified as problematic. Affected is an unknown function of the component Database. The manipulation leads to missing encryption of sensitive data. This vulnerability is traded as CVE-2024-56428. Local access is required to approach this attack. There is no exploit available.

vuldb.com

CVE-2023-40440 | Apple macOS up to 12.6.7 SMIME cleartext transmission (HT213844 / EUVD-2023-45011)

Vuldb Updates

2 months 3 weeks ago

A vulnerability classified as problematic has been found in Apple macOS up to 12.6.7. This affects an unknown part of the component SMIME Handler. The manipulation leads to cleartext transmission of sensitive information. This vulnerability is uniquely identified as CVE-2023-40440. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2023-40611 | Apache Airflow up to 2.7.0 DAG authorization (EUVD-2023-0018)

Vuldb Updates

2 months 3 weeks ago

A vulnerability was found in Apache Airflow up to 2.7.0. It has been classified as problematic. Affected is an unknown function of the component DAG Handler. The manipulation leads to incorrect authorization. This vulnerability is traded as CVE-2023-40611. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2010-1233 | Google Chrome up to 2.0.172.32 numeric error (Nessus ID 45086 / ID 117083)

Vuldb Updates

2 months 3 weeks ago

A vulnerability classified as very critical has been found in Google Chrome up to 2.0.172.32. This affects an unknown part. The manipulation leads to numeric error. This vulnerability is uniquely identified as CVE-2010-1233. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

New 'CitrixBleed 2' NetScaler flaw let hackers hijack sessions

Bleeping Computer.

2 months 3 weeks ago

A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices. [...]

Bill Toulas

Qilin

Dark Feed IO

2 months 3 weeks ago

You must login to view this content

cohenido

Qilin

Dark Feed IO

2 months 3 weeks ago

You must login to view this content

cohenido

OpenAI 在企业级市场抢微软的客户

Solidot

2 months 3 weeks ago

去年春天制药公司 Amgen 宣布计划为其 2 万员工采购微软的 Copilot AI 助手，微软为此在多个案例研究中宣传了其新客户。但 13 个月后 Amgen 员工在使用 OpenAI 的 ChatGPT。微软销售表示他们面临向尽可能多的客户推销 Copilot 的压力，对于来自合作伙伴的挑战感到措手不及。OpenAI 在企业级市场抢微软的客户让两家公司本已紧张的关系火上浇油。OpenAI 最近表示其付费企业用户已达 300 万，比几个月前增长了 50%。微软则表示，财富 500 强企业七成都在使用 Copilot，付费用户数量比去年同期增长了两倍。

CVE-2025-25905 | CADClick up to 1.13.0 tree cross site scripting (EUVD-2025-19107)

VulDB Recent Entries

2 months 3 weeks ago

A vulnerability was found in CADClick up to 1.13.0 and classified as problematic. This issue affects some unknown processing. The manipulation of the argument tree leads to cross site scripting. The identification of this vulnerability is CVE-2025-25905. The attack may be initiated remotely. There is no exploit available.

vuldb.com

CVE-2024-57708 | OneTrust SDK 6.33.0 Object.setPrototypeOf/proto/Object.assign denial of service (EUVD-2024-54703)

VulDB Recent Entries

2 months 3 weeks ago

A vulnerability has been found in OneTrust SDK 6.33.0 and classified as problematic. This vulnerability affects the function Object.setPrototypeOf/__proto__/Object.assign. The manipulation leads to denial of service. This vulnerability was named CVE-2024-57708. Attacking locally is a requirement. There is no exploit available.

vuldb.com

CVE-2025-50178 | JuliaWeb GitForge.jl up to 0.4.2 on GitHub GitForge.get_repo information disclosure

VulDB Recent Entries

2 months 3 weeks ago

A vulnerability, which was classified as problematic, was found in JuliaWeb GitForge.jl up to 0.4.2 on GitHub. This affects the function GitForge.get_repo. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-50178. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Citrix security advisory (AV25-374)

CCCS - Alerts and advisories

2 months 3 weeks ago

Canadian Centre for Cyber Security

CVE-2025-49135 | cvat up to 2.39.x authorization (GHSA-frpr-5w6q-hh4f)

VulDB Recent Entries

2 months 3 weeks ago

A vulnerability, which was classified as problematic, has been found in cvat up to 2.39.x. Affected by this issue is some unknown functionality. The manipulation leads to authorization bypass. This vulnerability is handled as CVE-2025-49135. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-49845 | Discourse up to 3.4.5/3.5.0.beta7-dev Whisper information disclosure (EUVD-2025-19108)

VulDB Recent Entries

2 months 3 weeks ago

A vulnerability classified as problematic was found in Discourse up to 3.4.5/3.5.0.beta7-dev. Affected by this vulnerability is an unknown functionality of the component Whisper Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-49845. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

APT28 黑客利用 Signal 聊天工具对乌克兰发动新的恶意软件攻击

安全客

2 months 3 weeks ago

安全客

SecWiki News 2025-06-25 Review

SecWiki News(国内外安全资讯)

2 months 3 weeks ago

关于卫星互联网网络安全风险的研究 by ourren

从Paragon恶意软件分析测绘平台证书搜索能力 by ourren

更多最新文章，请访问SecWiki

Ransomware victims are getting better at haggling with hackers

Ransomware.org

2 months 3 weeks ago

Nearly half of companies paid a ransom to get their data back last year, according to new research, but they’re taking a hard line with hackers to strike fair deals. In its latest State of Ransomware report, Sophos said this was the second highest rate of ransom payments in six years. However, more than half […]

The post Ransomware victims are getting better at haggling with hackers appeared first on Ransomware.org.

Emma Woollacott

Androxgh0st 僵尸网络扩大影响范围，入侵美国大学服务器

安全客

2 months 3 weeks ago

安全客

Security Advisory: Citrix NetScaler ADC / Gateway – CVE‑2025‑6543

Dark Web Informer - Cyber Threat Intelligence

2 months 3 weeks ago

Security Advisory: Citrix NetScaler ADC / Gateway – CVE‑2025‑6543

Dark Web Informer - Cyber Threat Intelligence

New Malware Spotted in The Wild Using Prompt Injection to Manipulate AI Models Processing Sample

Cyber Security News

2 months 3 weeks ago

Cybersecurity researchers have discovered a groundbreaking new malware strain that represents the first documented attempt to weaponize prompt injection attacks against AI-powered security analysis tools. The malware, dubbed “Skynet” by its creators, was anonymously uploaded to VirusTotal in early June 2025 from the Netherlands, marking a significant evolution in adversarial tactics targeting artificial intelligence systems […]

The post New Malware Spotted in The Wild Using Prompt Injection to Manipulate AI Models Processing Sample appeared first on Cyber Security News.

Tushar Subhra Dutta

Aggregator

Managed ad