Aggregator

A vulnerability was found in Zong Yu Okcat Parking Management Platform. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation leads to missing authentication. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2025-4555. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WormHole Tech GPM and classified as problematic. This issue affects some unknown processing. The manipulation leads to unverified password change. The identification of this vulnerability is CVE-2025-4558. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Zong Yu Parking Management System and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to missing authentication. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-4557. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Zong Yu Okcat Parking Management Platform. This affects an unknown part of the component Web Management Interface. The manipulation leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-4556. It is possible to initiate the attack remotely. There is no exploit available.

In this Help Net Security interview, Dr. Peter Garraghan, CEO of Mindgard, discusses their research around vulnerabilities in the guardrails used to protect large AI models. The findings highlight how even billion-dollar LLMs can be bypassed using surprisingly simple techniques, including emojis. To defend against prompt injection, many LLMs are wrapped in guardrails that inspect and filter prompts. But these guardrails are typically AI-based classifiers themselves, and, as Mindgard’s study shows, they are just as … More →

The post Why security teams cannot rely solely on AI guardrails appeared first on Help Net Security.

快速浏览！2025.5.5-5.11安全动态周回顾。

DragonForce的模式可能会吸引更广泛的分支机构，并吸引技术含量较低的威胁者。

快速浏览！2025.5.5-5.11安全动态周回顾。

DragonForce的模式可能会吸引更广泛的分支机构，并吸引技术含量较低的威胁者。

A vulnerability, which was classified as critical, was found in Winterwebs Ezwebitor. This affects an unknown part of the file login.php of the component Login. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2009-4933. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Всё начинается с красивого интерфейса, а заканчивается пустым кошельком.

A vulnerability has been found in Apache ActiveMQ up to 5.16.7/5.17.6/5.18.6/6.1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component OpenWire Command Handler. The manipulation leads to uncontrolled memory allocation. This vulnerability is known as CVE-2025-27533. Access to the local network is required for this attack. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A novel exploit method leveraging Beacon Object Files (BOFs) has emerged, enabling attackers to extract Microsoft Entra (formerly Azure AD) tokens from compromised endpoints, even on non-domain-joined or BYOD devices. This technique sidesteps traditional detection mechanisms and expands access to high-value targets, posing significant risks to enterprise cloud environments. PRT Extraction Limits on BYOD Devices […]

The post New Exploit Method Extracts Microsoft Entra Tokens Through Beacon appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

История поединка, где король оказался из кода, а ферзь — из алгоритмов.

A vulnerability, which was classified as critical, has been found in Foxit Studio Photo 3.6.6.916. This issue affects some unknown processing of the component tif File Handler. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2020-8880. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Foxit Studio Photo 3.6.6.916. Affected is an unknown function of the component tif File Handler. The manipulation leads to use after free. This vulnerability is traded as CVE-2020-8881. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in IBM Sterling B2B Integrator Standard Edition up to 5.2.6.5. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2019-4726. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Foxit Studio Photo 3.6.6.916. It has been rated as problematic. Affected by this issue is some unknown functionality of the component PSD File Handler. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2020-8877. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Foxit Studio Photo 3.6.6.916. This affects an unknown part of the component PSD File Handler. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2020-8878. It is possible to initiate the attack remotely. There is no exploit available.