Aggregator

A vulnerability, which was classified as critical, has been found in Adobe ColdFusion up to 2021.19/2023.13/2025.1. This issue affects some unknown processing. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2025-43560. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Adobe ColdFusion up to 2021.19/2023.13/2025.1. This vulnerability affects unknown code. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-43561. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe ColdFusion up to 2021.19/2023.13/2025.1. This affects an unknown part. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2025-43559. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel OpenVINO Model Server Software 2022.3/2024.0. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2025-22892. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel Edge Orchestrator. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-22844. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel Edge Orchestrator. It has been classified as problematic. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2025-20624. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Intel Edge Orchestrator and classified as problematic. This issue affects some unknown processing. The manipulation leads to resource consumption. The identification of this vulnerability is CVE-2025-20616. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Intel Edge Orchestrator and classified as problematic. This vulnerability affects unknown code. The manipulation leads to resource consumption. This vulnerability was named CVE-2025-20084. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Intel Edge Orchestrator. This affects an unknown part. The manipulation leads to resource consumption. This vulnerability is uniquely identified as CVE-2025-20057. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Intel Edge Orchestrator. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-20030. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Intel Edge Orchestrator. Affected by this vulnerability is an unknown functionality. The manipulation leads to insufficient control flow management. This vulnerability is known as CVE-2025-20022. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Varnish Cache up to 7.6.2/7.7.0. Affected is an unknown function of the component HTTP1 Request Handler. The manipulation leads to http request smuggling. This vulnerability is traded as CVE-2025-47905. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Substance3D up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-43568. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 网络安全研究人员在Python软件包索引（PyPI）仓库中发现一个恶意组件，该组件伪装成与Solana区块链相关的应用程序，实则包含窃取源代码和开发者敏感信息的功能。 这款名为solana-token的软件包目前已被下架，但在删除前已被下载761次。该组件最初于2024年4月初上传至PyPI，但其版本编号方案与常规标准完全不同。 ReversingLabs研究员Karlo Zanki在分享给《黑客新闻》的报告中指出：“安装该恶意包后，它会试图将开发者机器上的源代码和敏感凭证外泄至硬编码的IP地址。” 具体而言，该软件包会以名为“register_node()”的区块链功能为掩护，复制并外泄Python执行栈中所有文件包含的源代码。这种异常行为表明，攻击者试图窃取可能在程序编写初期硬编码的加密相关敏感信息。 研究人员认为，该软件包的攻击目标可能是试图创建私有区块链的开发者，这一判断基于软件包名称及其内置功能。尽管当前尚不清楚攻击者如何分发该恶意包，但推测其可能通过开发者技术论坛进行推广。 此次发现再次印证加密货币仍是供应链攻击者的主要目标，开发者需严格审查每个软件包后再使用。Zanki强调：“开发团队需对开源和商业第三方软件模块中的可疑活动或异常变更保持高度警惕。通过在恶意代码侵入安全开发环境前将其拦截，可有效防范破坏性供应链攻击。”       消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability was found in Adobe Substance3D up to 3.1.1. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to use after free. This vulnerability was named CVE-2025-43549. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Dimension up to 4.1.2. It has been classified as critical. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2025-43548. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Substance3D up to 1.21.0 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-43554. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Bridge up to 14.1.6 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to integer overflow. This vulnerability is known as CVE-2025-43547. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Bridge up to 14.1.6. Affected is an unknown function. The manipulation leads to integer underflow. This vulnerability is traded as CVE-2025-43546. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Bridge up to 14.1.6. This issue affects some unknown processing. The manipulation leads to uninitialized pointer. The identification of this vulnerability is CVE-2025-43545. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.