Aggregator

A vulnerability was found in Google Chrome. It has been declared as critical. This vulnerability affects unknown code of the component V8. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2024-7970. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Alleged Data Leak of U.S. Citizen Driver’s Licenses

Apple has agreed to pay $95 million to settle a proposed class-action lawsuit asserting that it vio

A vulnerability was found in Sun Solaris 2.3/2.4/2.5.1/2.6. It has been declared as critical. This vulnerability affects unknown code of the component rpc.statd. The manipulation as part of RPC Call leads to improper privilege management. This vulnerability was named CVE-1999-0493. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Alleged Access Sale to a Leading Data Platform in Israel for $60,000 USD

A vulnerability has been found in SynCE 0.10.0/0.92 and classified as critical. Affected by this vulnerability is the function utils::runscripts. The manipulation leads to code injection. This vulnerability is known as CVE-2008-1136. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

​Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/add_cart.php. The manipulation of the argument id/qty leads to sql injection. The identification of this vulnerability is CVE-2025-0176. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. This vulnerability was named CVE-2025-0175. The attack can be initiated remotely. Furthermore, there is an exploit available.

​Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs. [...]

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /user/search_result2.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. This vulnerability is uniquely identified as CVE-2025-0174. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #473347 / VDB-290105

Submit #473333 / VDB-290104

A vulnerability was found in thorsten phpMyFAQ up to 4.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/index.php?action=editentry of the component FAQ Editor. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-56199. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #473332 / VDB-289711

January 02, 2025 3 Minute Read

Submit #473330 / VDB-290103

DrayTek Vigor2960/Vigor300B 命令注入漏洞(CVE-2024-12987)

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Lasering Incidents’ appeared first on Security Boulevard.