Aggregator

Устройство объёмом с чемодан теряет не более секунды точности за 30 миллиардов лет.

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-11-04, 45 days ago. The vendor is given until 2026-03-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 3.3 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-11-04, 45 days ago. The vendor is given until 2026-03-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-04, 104 days ago. The vendor is given until 2026-03-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'KX.H' was reported to the affected vendor on: 2025-11-04, 45 days ago. The vendor is given until 2026-03-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-04, 45 days ago. The vendor is given until 2026-03-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-04, 104 days ago. The vendor is given until 2026-03-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-11-04, 104 days ago. The vendor is given until 2026-03-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-11-04, 45 days ago. The vendor is given until 2026-03-04 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications. "Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised

微软披露了一种名为SesameOp的新后门恶意软件,该恶意软件利用OpenAI助手API进行命令与控制通信,以实现长期访问和间谍活动。该恶意软件于2025年7月被发现,通过加密命令和API消息机制执行恶意操作,并借助DLL注入和混淆技术增强隐蔽性。

A vulnerability, which was classified as critical, was found in Exim up to 4.94.2. Impacted is an unknown function of the component STARTTLS. The manipulation results in injection. This vulnerability is cataloged as CVE-2021-38371. The attack must originate from the local network. There is no exploit available.

A vulnerability marked as critical has been reported in Encode.pm up to 3.11. This vulnerability affects the function Encode::ConfigLocal. This manipulation causes uncontrolled search path. This vulnerability is tracked as CVE-2021-36770. The attack is possible to be carried out remotely. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability described as critical has been identified in Adobe XMP Toolkit up to 2020.1. Affected by this issue is some unknown functionality. Such manipulation leads to buffer overflow. This vulnerability is documented as CVE-2021-36052. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in Oracle Middleware Common Libraries and Tools 12.2.1.4.0. Impacted is an unknown function of the component Third Party Patch. The manipulation results in uncontrolled search path. This vulnerability was named CVE-2021-36770. The attack needs to be approached locally. There is no available exploit.

A vulnerability, which was classified as problematic, has been found in Adobe XMP Toolkit SDK up to 2020.1. Affected by this issue is some unknown functionality of the component ASLR. Performing manipulation results in out-of-bounds read. This vulnerability is known as CVE-2021-36045. Attacking locally is a requirement. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Adobe XMP Toolkit up to 2020.1. This affects an unknown function. Executing manipulation can lead to buffer overflow. This vulnerability is tracked as CVE-2021-36046. The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Adobe XMP Toolkit SDK up to 2020.1. This impacts an unknown function. The manipulation leads to improper input validation. This vulnerability is listed as CVE-2021-36047. The attack may be initiated remotely. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Adobe XMP Toolkit SDK up to 2020.1. Affected is an unknown function. The manipulation results in improper input validation. This vulnerability is cataloged as CVE-2021-36048. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.