Submit #592588: HDF5 1.14.6 Heap-based Buffer Overflow [Accepted]
Submit #592588 / VDB-313274
Aggregator
Submit #592587: HDF5 1.14.6 Heap-based Buffer Overflow [Accepted]
5 months 3 weeks ago
Submit #592587 / VDB-313273
Rulkallos
石油巨头面临首宗气候死亡诉讼
5 months 3 weeks ago
2021 年 6 月 28 日,一股热浪席卷西雅图,气温升至创该市记录的 42 摄氏度。当天 Juliana Leon 被发现昏迷在车内,不久后因体温过高(Hyperthermia)而死亡。现在她的女儿 Misti Leon 向华盛顿的一家法庭起诉了包括埃克森美孚、雪佛龙、壳牌和英国石油在内的七家石油和天然气公司,指控这些公司过失致死(wrongful death)。她声称这些公司通过生产销售化石燃料,加剧了导致她母亲死亡的极端高温。起诉书称,这些公司几十年来一直知道其“化石燃料产品在改变地球大气层”。诉讼指控这些公司创造了一种“依赖化石燃料的经济”,导致“更频繁、更具破坏性的天气灾害以及可预见的人员伤亡”。归因科学研究认定,如果没有人为气候变化,2021 年的热浪“几乎不可能发生”。诉讼寻求赔偿,并为开展关于化石燃料在全球暖化中作用的公众教育活动提供资金。
CVE-2025-6268 | Luna Imaging up to 7.5.5.6 search q cross site scripting
5 months 3 weeks ago
A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads to cross site scripting.
This vulnerability is traded as CVE-2025-6268. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Dire Wolf
5 months 3 weeks ago
You must login to view this content
cohenido
Dire Wolf
5 months 3 weeks ago
You must login to view this content
cohenido
Dire Wolf
5 months 3 weeks ago
You must login to view this content
cohenido
Dire Wolf
5 months 3 weeks ago
You must login to view this content
cohenido
Dire Wolf
5 months 3 weeks ago
You must login to view this content
cohenido
Submit #592218: Luna Imaging, Inc. Luna Imaging 7.5.5.x Cross Site Scripting [Accepted]
5 months 3 weeks ago
Submit #592218 / VDB-313272
chor4o
CVE-2025-6267 | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 barcodeDetail sql injection
5 months 3 weeks ago
A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barcodeNo/barcode/itemNo leads to sql injection.
The identification of this vulnerability is CVE-2025-6267. The attack may be initiated remotely. There is no exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-6266 | FLIR AX8 up to 1.46 /upload.php File unrestricted upload
5 months 3 weeks ago
A vulnerability was found in FLIR AX8 up to 1.46. It has been declared as critical. This vulnerability affects unknown code of the file /upload.php. The manipulation of the argument File leads to unrestricted upload.
This vulnerability was named CVE-2025-6266. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #586697: zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 zhlink V1.0.0 SQL Injection [Accepted]
5 months 3 weeks ago
Submit #586697 / VDB-313271
Charlie Zha
Ryuk ransomware’s initial access expert extradited to the U.S.
5 months 3 weeks ago
A member of the notorious Ryuk ransomware operation who specialized in gaining initial access to corporate networks has been extradited to the United States. [...]
Bill Toulas
Meta Adds Passkey Login Support to Facebook for Android and iOS Users
5 months 3 weeks ago
Meta Platforms on Wednesday announced that it's adding support for passkeys, the next-generation password standard, on Facebook.
"Passkeys are a new way to verify your identity and login to your account that's easier and more secure than traditional passwords," the tech giant said in a post.
Support for passkeys is expected to be available "soon" on Android and iOS mobile devices. The feature is
The Hacker News
Submit #586692: FLIR AX8 <= 1.46 Unauthorized File Upload Vulnerability [Accepted]
5 months 3 weeks ago
Submit #586692 / VDB-313270
XU17
Why AI code assistants need a security reality check
5 months 3 weeks ago
In this Help Net Security interview, Silviu Asandei, Security Specialist and Security Governance at Sonar, discusses how AI code assistants are transforming development workflows and impacting security. He explains how these tools can boost productivity but may also propagate vulnerabilities if not properly reviewed. What security risks do AI code assistants pose that developers and organizations might overlook? While AI code assistants enhance developer productivity, they introduce significant and often overlooked security risks across multiple … More →
The post Why AI code assistants need a security reality check appeared first on Help Net Security.
Mirko Zorz
AI Security Guide: Protecting models, data, and systems from emerging threats
5 months 3 weeks ago
What is AI Security? AI security is where traditional cybersecurity meets the chaotic brilliance of machine learning. It’s the discipline focused on protecting AI systems—not just the code, but the training data, model logic, and output—from manipulation, theft, and misuse. Because these systems learn from data, not just logic, they open up fresh attack surfaces […]
The post AI Security Guide: Protecting models, data, and systems from emerging threats appeared first on Security Boulevard.
Mend.io Team
Iran-Israel War Triggers a Maelstrom in Cyberspace
5 months 3 weeks ago
As Iran closes its cyberspace to the outside world, hacktivists are picking sides, while attacks against Israel surge and spread across the region.
Nate Nelson, Contributing Writer
Завтра мозг — просто интерфейс для ИИ? GPT отключает ваш разум
5 months 3 weeks ago
Новый эксперимент MIT поставил под вопрос эффективность чат-ботов в образовании.