Aggregator

A vulnerability, which was classified as critical, has been found in Gowabby HFish 0.1. This issue affects the function LoadUrl of the file \view\url.go. The manipulation of the argument r leads to improper authentication. The identification of this vulnerability is CVE-2025-5247. The attack may be initiated remotely. Furthermore, there is an exploit available.

Власти замалчивают масштабы утечки, но данные 60 чиновников уже утекли в свободное плавание.

Submit #584823 / VDB-310350

A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /hms/admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. This vulnerability was named CVE-2025-5246. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2025-5245. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2025-5244. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #584798 / VDB-310349

Submit #584718 / VDB-310348

A vulnerability was found in Mobatime AMX MTAPI and AMXGT-100. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web API. The manipulation leads to missing authentication. This vulnerability is known as CVE-2025-2407. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #584635 / VDB-310347

Submit #584634 / VDB-310346

A vulnerability was found in SUSE Manager Server Module 4.3. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting. This vulnerability is traded as CVE-2025-23393. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple Mac OS X 10.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper resource management. This vulnerability is known as CVE-2006-1470. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Обычная сборка проекта превратилась в лотерею с опасным призом.

A critical vulnerability, identified as CVE-2025-0072, has been discovered in the Arm Mali GPU driver, posing a significant threat to devices with newer Mali GPUs utilizing the Command Stream Frontend (CSF) architecture, including Google’s Pixel 7, 8, and 9 series. This flaw, reported to Arm on December 12, 2024, by a security researcher and subsequently […]

The post Arm Mali GPU Vulnerability Enables Bypass of MTE and Arbitrary Kernel Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Новый чип для Китая урезали до лимитов США.

От «приземления» к блокировке: как Россия давит на Big Tech.

过去二十年，NASA 在搜寻绕行太阳、距离地球不超过 1.3 天文单位的近地小行星方面取得了进展，然而一项新发现指出一些与金星共轨的小行星可能对地球构成威胁，NASA 可能需要扩大搜寻范围。一篇于今年五月提交至《天文与天体物理学》期刊的论文详细描述了与金星共轨的小行星的性质与对地球潜在的威胁，论文指出，目前发现的 20 颗共轨小行星中，已有 6 颗小行星具备潜在危险小行星（PHA）的条件，其中 3 颗与地球的最小轨道交会距离甚至小于 0.0005 天文单位。模拟显示它们若撞击地球，可能形成直径达 2～3 公里的陨石坑，释放的能量达 10²百万吨 TNT。

A vulnerability was found in Nagvis up to 1.9.46 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-47090. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Nagvis up to 1.9.46 and classified as problematic. This vulnerability affects unknown code of the component livestatus Handler. The manipulation leads to improper neutralization of delimiters. This vulnerability was named CVE-2024-38866. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.