Aggregator

美CVE漏洞数据库因DHS断供面临停摆，全球网络安全基石崩塌！

MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry. [...]

英伟达周二表示，美国政府限制其对华出口 H20 AI 芯片，它预计将因此损失 55 亿美元。美国商务部随后表示，AMD 的 MI308 以及其它性能相近的 AI 芯片都在管控范围内。H20 此前是英伟达能向中国出口的最先进 AI 芯片，中国主要科技公司如腾讯、阿里巴巴和字节跳动都采购了大量 H20 芯片。英伟达表示，美国政府于 4 月 9 日通知它，H20 芯片需要获得许可证才能出口到中国，它在 4 月 14 日再次通知英伟达新的出口管控限制将无限期实施。

A vulnerability was found in VideoWhisper Live Streaming Integration Plugin up to 5.5.15 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to os command injection. This vulnerability is handled as CVE-2023-25699. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Saturday Drive Ninja Forms Contact Form Plugin up to 3.6.24 on WordPress. Affected is an unknown function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2023-36505. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Ninja Team Filebird Plugin up to 5.6.3 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-35166. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Salon Booking System Plugin up to 8.6 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper privilege management. This vulnerability was named CVE-2023-48319. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Ninja Team Filebird Plugin up to 6.3.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-53825. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Ninja Team Filebird Plugin up to 5.1.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2023-25966. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in SalesAgility SuiteCRM 7.12.7. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2022-45186. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in SalesAgility SuiteCRM 7.12.7. This affects an unknown part. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2022-45185. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Matthew Fries MF Gig Calendar Plugin up to 1.2.1 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-33651. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Visualmodo Borderless Plugin up to 1.5.8 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-54211. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in PHPGurukul Beauty Parlour Management System 1.1. Affected is an unknown function of the file profile.php. The manipulation of the argument Firstname/Last name leads to cross site scripting. This vulnerability is traded as CVE-2024-53481. It is possible to launch the attack remotely. There is no exploit available.

A leaked internal memo dated April 15, 2025, has sent shockwaves through the cybersecurity community, revealing that MITRE’s contract to operate the Common Vulnerabilities and Exposures (CVE) program is set to expire today, April 16, 2025. The letter, reportedly obtained from a reliable source and addressed to CVE Board Members, is signed by Yosry Barsoum, […]

The post MITRE Ends CVE Program Support – Leaked Internal Memo Confirms Departure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Под ударом – безопасность всего интернета.

A vulnerability classified as critical was found in Zoom Workplace Desktop App, Workplace App, VDI Client, Rooms Controller, Rooms Client and Meeting SDK up to 6.2.x. Affected by this vulnerability is an unknown functionality. The manipulation leads to use after free. This vulnerability is known as CVE-2025-0151. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zoom Workplace Desktop App, Workplace App, VDI Client, Rooms Controller, Rooms Client and Meeting SDK up to 6.2.x. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-27440. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.