Aggregator

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 17.10.6/17.11.2/18.0.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to allocation of resources. This vulnerability was named CVE-2025-2853. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in OpenSSL 3.5.0. This affects the function x509_main of the file apps/x509.c of the component x509 Application. The manipulation leads to improper certificate validation. This vulnerability is uniquely identified as CVE-2025-4575. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Apple iOS and iPadOS up to 15.5. This issue affects some unknown processing of the component Apple Neural Engine. The manipulation leads to sandbox issue. The identification of this vulnerability is CVE-2022-32845. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS and classified as problematic. This issue affects some unknown processing of the component Apple Neural Engine. The manipulation leads to sandbox issue. The identification of this vulnerability is CVE-2022-32845. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WordLift Plugin up to 3.37.1 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2022-3069. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Generate PDF Plugin up to 3.5 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2022-3070. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Slider Hero Plugin up to 8.4.3 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Slider Name Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2022-3074. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in mIPC 5.3.1.2003161406. This issue affects some unknown processing. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2022-40785. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Blink. The manipulation leads to use after free. This vulnerability is known as CVE-2022-2857. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been rated as critical. This issue affects some unknown processing of the component SwiftShader. The manipulation leads to use after free. The identification of this vulnerability is CVE-2022-2854. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component ANGLE. The manipulation leads to use after free. This vulnerability is traded as CVE-2022-2855. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been declared as critical. This vulnerability affects unknown code of the component Site Isolation. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2022-3044. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been rated as critical. This issue affects some unknown processing of the component V8. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2022-3045. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component Browser Tag. The manipulation leads to use after free. This vulnerability is traded as CVE-2022-3046. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. [...]

A vulnerability classified as problematic has been found in CityPost Simple PHP Upload 5.3. Affected is an unknown function of the file simple-upload-53.php. The manipulation of the argument Message leads to basic cross site scripting. This vulnerability is traded as CVE-2005-4671. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Signal implements new screen security on Windows 11, blocking screenshots by default to protect user privacy from Microsoft’s Recall feature. A Signal update for the Windows app prevents the system from capturing screenshots by default. The feature protects users’ privacy from Microsoft’s Recall feature. “Signal Desktop now includes support for a new “Screen security” setting […]

GitLab has released critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with several high-risk flaws enabling denial-of-service (DoS) attacks.  The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7 comes as the DevOps platform confronts multiple attack vectors that could destabilize systems through resource exhaustion, authentication bypasses, and […]

The post Multiple GitLab Vulnerabilities Let Attackers Trigger DoS Attacks appeared first on Cyber Security News.

A vulnerability was found in IBM Lotus Domino iNotes Client 6.5.4. It has been classified as problematic. This affects an unknown part of the component Domino Web Access. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2006-0663. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.