Aggregator

A vulnerability was found in RVC-Project Retrieval-based-Voice-Conversion-WebUI up to 2.2.231006. It has been rated as very critical. This issue affects the function change_info of the file process_ckpt.py. The manipulation of the argument ckpt_path0 leads to deserialization. The identification of this vulnerability is CVE-2025-43848. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in RVC-Project Retrieval-based-Voice-Conversion-WebUI up to 2.2.231006. It has been declared as very critical. This vulnerability affects unknown code of the file process_ckpt.py. The manipulation of the argument ckpt_path1 leads to deserialization. This vulnerability was named CVE-2025-43846. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in RVC-Project Retrieval-based-Voice-Conversion-WebUI up to 2.2.231006. It has been classified as very critical. This affects the function change_info_. The manipulation of the argument ckpt_path2 leads to code injection. This vulnerability is uniquely identified as CVE-2025-43845. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in RVC-Project Retrieval-based-Voice-Conversion-WebUI up to 2.2.231006 and classified as very critical. Affected by this issue is the function extract_small_model of the file process_ckpt.py. The manipulation of the argument ckpt_path2 leads to deserialization. This vulnerability is handled as CVE-2025-43847. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in OpenWebUI up to 0.6.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /api/v1/files/ of the component Backend Endpoint. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-46571. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Tenda AC8 16.03.34.06. Affected is the function formGetRouterStatus of the file /goform/MtuSetMacWan. The manipulation of the argument shareSpeed leads to buffer overflow. This vulnerability is traded as CVE-2025-4368. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

TeleMessage, an Israeli company that sells an unofficial Signal message archiving tool used by some U.S. government officials, has suspended all services after reportedly being hacked. [...]

Submit #564812 / VDB-307488

A vulnerability classified as critical has been found in Google Chrome. Affected is an unknown function of the component Developer Tools. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2020-6482. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Google Chrome. Affected by this vulnerability is an unknown functionality of the component Payment Handler. The manipulation leads to incorrect default permissions. This vulnerability is known as CVE-2020-6483. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Google Chrome. Affected by this issue is some unknown functionality of the component ChromeDriver. The manipulation leads to incorrect default permissions. This vulnerability is handled as CVE-2020-6484. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Google Chrome. This affects an unknown part of the component Media Router. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2020-6485. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component Navigations. The manipulation leads to improper privilege management. This vulnerability was named CVE-2020-6486. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Ex-Interpol Director Craig Jones on How Geopolitics Affects Global Cybercrime
Geopolitical conflicts have affected intergovernmental cooperation. Craig Jones, immediate past director of cybercrime at Interpol, says geopolitical instability has pushed countries to shift their focus toward data sovereignty, scrutinizing data storage, access and regulations.

Phosphorus Cybersecurity's Phillip Wylie on Asset Inventory, Password Hygiene
Organizations inadvertently create cybersecurity gaps by trusting connected devices. Threat actors are shifting tactics to exploit IoT vulnerabilities when traditional attack vectors strengthen, said Phillip Wylie, xIoT security evangelist at Phosphorous Cybersecurity.

Fortinet Uncovers Long-Term Cyberespionage in Region
An Iranian state-sponsored threat group conducted a years-long cyberespionage campaign targeting a Middle East critical infrastructure provider, with its operational technology network a key target. The attackers focused reconnaissance activity and credential theft on the OT network.

Flattery Glitch Forces Rollback, Potential Procedural Overhaul
OpenAI faced an unexpected publiclity storm when its latest GPT-4o update turned ChatGPT into an overzealous cheerleader, lavishing praise on everything from risky life choices to dubious opinions. CEO Sam Altman acknowledged the issue, with OpenAI outlining changes to prevent a repeat performance.

Author/Presenter: HexxedBitHeadz

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Proving Ground – A New Host Touches The Beacon appeared first on Security Boulevard.

Гравитационное взаимодействие в новой теории работает через поле, как у фотонов. Только тут не свет, а симметрия.