Aggregator

CVE-2025-4433 | Devolutions Server up to 2025.1.7.0 User Group Management access control (DEVO-2025-0010)

Vuldb Updates
6 months 3 weeks ago
A vulnerability classified as critical was found in Devolutions Server up to 2025.1.7.0. Affected by this issue is some unknown functionality of the component User Group Management Handler. The manipulation results in improper access controls. This vulnerability is cataloged as CVE-2025-4433. The attack may be launched remotely. There is no exploit available.
vuldb.com

CVE-2025-27152 | axios up to 1.8.1 URL server-side request forgery (Nessus ID 234362 / WID-SEC-2025-0998)

Vuldb Updates
6 months 3 weeks ago
A vulnerability was found in axios up to 1.8.1. It has been rated as critical. This affects an unknown part of the component URL Handler. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2025-27152. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2024-5530 | devitemsllc ShopLentor Plugin up to 2.9.0 on WordPress Product Horizontal Filter Widget cross site scripting

Vuldb Updates
6 months 3 weeks ago
A vulnerability described as problematic has been identified in devitemsllc ShopLentor Plugin up to 2.9.0 on WordPress. This affects an unknown function of the component Product Horizontal Filter Widget. Executing manipulation can lead to cross site scripting. This vulnerability appears as CVE-2024-5530. The attack may be performed from remote. There is no available exploit.
vuldb.com

CVE-2025-2584 | WebAssembly wabt 1.0.36 binary-reader-interp.cc GetReturnCallDropKeepCount heap-based overflow (Issue 2557)

Vuldb Updates
6 months 3 weeks ago
A vulnerability was found in WebAssembly wabt 1.0.36. It has been classified as critical. Affected by this issue is the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. Performing manipulation results in heap-based buffer overflow. This vulnerability was named CVE-2025-2584. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2024-9538 | ShopLentor Plugin up to 2.9.8 on WordPress FAQ Widget Elementor Template information disclosure

Vuldb Updates
6 months 3 weeks ago
A vulnerability was found in ShopLentor Plugin up to 2.9.8 on WordPress. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the component FAQ Widget Elementor Template. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-9538. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Tengu

Dark Feed IO
6 months 3 weeks ago

You must login to view this content

cohenido

Akira

Dark Feed IO
6 months 3 weeks ago

You must login to view this content

cohenido

Akira

Dark Feed IO
6 months 3 weeks ago

You must login to view this content

cohenido

New “HashJack” attack can hijack AI browsers and assistants

Help Net Security
6 months 3 weeks ago

Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice), send sensitive data to the attacker, or push users to perform risky actions. They call the technique HashJack, because it relies on malicious instructions being hidden in the #fragment of a URL that points to a legitimate (and otherwise innocuous) … More →

The post New “HashJack” attack can hijack AI browsers and assistants appeared first on Help Net Security.

Zeljka Zorz

Qilin

Dark Feed IO
6 months 3 weeks ago

You must login to view this content

cohenido

Qilin

Dark Feed IO
6 months 3 weeks ago

You must login to view this content

cohenido

Managed ad