Aggregator

OpenAI ChatGPT Atlas Browser Jailbroken to Disguise Malicious Prompt as URLs

Cyber Security News
3 months 2 weeks ago

OpenAI’s newly launched ChatGPT Atlas browser, designed to blend AI assistance with web navigation, faces a serious security flaw that allows attackers to jailbreak the system by disguising malicious prompts as harmless URLs. This vulnerability exploits the browser’s omnibox, a combined address and search bar that interprets inputs as either navigation commands or natural-language prompts […]

The post OpenAI ChatGPT Atlas Browser Jailbroken to Disguise Malicious Prompt as URLs appeared first on Cyber Security News.

Guru Baran

CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
3 months 2 weeks ago

Cybersecurity researchers are sounding the alarm after discovering that hackers are actively exploiting a critical remote code execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, allows unauthenticated attackers to run arbitrary code on vulnerable servers, and evidence suggests that these attacks are being carried out manually, a technique […]

The post CISA Beware! Hackers Are Actively Exploiting Windows Server Update Services RCE Flaw in the Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Kaaviya

CVE-2025-12224 | Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24 admin/contact.php twitter cross site scripting

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability marked as problematic has been reported in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This vulnerability affects unknown code of the file admin/contact.php. This manipulation of the argument twitter causes cross site scripting. This vulnerability appears as CVE-2025-12224. The attack may be initiated remotely. In addition, an exploit is available. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-12223 | Bdtask Flight Booking Software up to 3.1 Package Information /b2c/package-information unrestricted upload

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability labeled as critical has been found in Bdtask Flight Booking Software up to 3.1. This affects an unknown part of the file /b2c/package-information of the component Package Information Module. The manipulation results in unrestricted upload. This vulnerability is reported as CVE-2025-12223. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-12222 | Bdtask Flight Booking Software up to 3.1 Deposit deposit unrestricted upload

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability identified as critical has been detected in Bdtask Flight Booking Software up to 3.1. Affected by this issue is some unknown functionality of the file /admin/transaction/deposit of the component Deposit Handler. The manipulation leads to unrestricted upload. This vulnerability is documented as CVE-2025-12222. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-12221 | Azure Access BLU-IC2/BLU-IC4 up to 1.19.5 Busybox config (EUVD-2025-35937)

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability categorized as critical has been discovered in Azure Access BLU-IC2 and BLU-IC4 up to 1.19.5. Affected by this vulnerability is an unknown functionality of the component Busybox. Executing manipulation can lead to configuration. This vulnerability is registered as CVE-2025-12221. It is possible to launch the attack remotely. No exploit is available.
vuldb.com

CVE-2025-12216 | Azure Access BLU-IC2/BLU-IC4 up to 1.19.5 App insufficient or incomplete data removal within hardware component (EUVD-2025-35936)

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability was found in Azure Access BLU-IC2 and BLU-IC4 up to 1.19.5. It has been rated as very critical. Affected is an unknown function of the component App Handler. Performing manipulation results in insufficient or incomplete data removal within hardware component. This vulnerability is cataloged as CVE-2025-12216. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2025-12220 | Azure Access BLU-IC2/BLU-IC4 up to 1.19.5 Busybox vulnerable third-party component (EUVD-2025-35932)

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability was found in Azure Access BLU-IC2 and BLU-IC4 up to 1.19.5. It has been classified as very critical. This affects an unknown function of the component Busybox. This manipulation causes dependency on vulnerable third-party component. This vulnerability is tracked as CVE-2025-12220. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com

CVE-2025-12219 | Azure Access BLU-IC2/BLU-IC4 up to 1.19.5 vulnerable third-party component (EUVD-2025-35933)

VulDB Recent Entries
3 months 2 weeks ago
A vulnerability was found in Azure Access BLU-IC2 and BLU-IC4 up to 1.19.5 and classified as very critical. The impacted element is an unknown function. The manipulation results in dependency on vulnerable third-party component. This vulnerability is identified as CVE-2025-12219. The attack can be executed remotely. There is not any exploit available.
vuldb.com

Qilin

Dark Feed IO
3 months 2 weeks ago

You must login to view this content

cohenido

Managed ad