Aggregator

A vulnerability was found in Artifex Ghostscript up to 10.04.x. It has been declared as problematic. This vulnerability affects the function decode_utf8 of the file base/gp_utf8.c. The manipulation leads to path traversal: '../filedir'. This vulnerability was named CVE-2025-46646. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ZTE GoldenDB up to 6.1.03.10/7.2.01.01/Lite7.2.01.01. It has been classified as problematic. This affects an unknown part. The manipulation leads to information exposure through error message. This vulnerability is uniquely identified as CVE-2025-46575. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ZTE GoldenDB up to 6.1.03.10/7.2.01.01/Lite7.2.01.01 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through error message. This vulnerability is handled as CVE-2025-46574. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in ZTE GoldenDB up to 6.1.03.10 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to resource consumption. This vulnerability is known as CVE-2025-46580. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in NASA CryptoLib up to 1.3.1. Affected is an unknown function of the component Space Data Link Security Protocol Handler. The manipulation leads to dynamically-managed code resources. This vulnerability is traded as CVE-2025-46673. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in HackMD CodiMD up to 2.5.4. This issue affects some unknown processing of the component Content-Security-Policy Header Handler. The manipulation leads to improper protection of alternate path. The identification of this vulnerability is CVE-2025-46655. The attack may be initiated remotely. There is no exploit available. The real existence of this vulnerability is still doubted at the moment.

A vulnerability classified as problematic was found in HackMD CodiMD up to 2.2.0. This vulnerability affects unknown code. The manipulation leads to improper protection of alternate path. This vulnerability was named CVE-2025-46654. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in ZTE GoldenDB up to 6.1.03.10/7.2.01.01. This affects an unknown part of the component DDE Handler. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2025-46579. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ZTE GoldenDB up to 6.1.03.10/7.2.01.01. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-46578. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in ZTE GoldenDB up to 6.1.03.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper privilege management. This vulnerability is known as CVE-2025-46576. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in python-markdownify up to 0.14.0. It has been classified as problematic. Affected is an unknown function of the component Headline Prefix Handler. The manipulation leads to improper validation of specified quantity in input. This vulnerability is traded as CVE-2025-46656. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Formidable up to 3.5.2 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cryptographically weak prng. The identification of this vulnerability is CVE-2025-46653. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IZArc up to 4.5 and classified as problematic. This vulnerability affects unknown code of the component Archive File Handler. The manipulation leads to inclusion of web functionality from an untrusted source. This vulnerability was named CVE-2025-46652. The attack can be initiated remotely. There is no exploit available.

CalypsoAI是一家专注于AI系统安全的初创公司，构建了全球领先的推理防护平台“The Inference Perimeter”，通过红队测试、实时防御与安全监控，为政企客户提供全链路AI安全解决...

在生成式 AI 能力的竞赛中，高管计划增加对基础技术的投资。

A vulnerability, which was classified as critical, was found in Serosoft Academia Student Information System 1.0.118. This affects an unknown part of the file writefile.php. The manipulation of the argument filePath leads to path traversal: '../filedir'. This vulnerability is uniquely identified as CVE-2024-53636. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in NASA CryptoLib up to 1.3.1. Affected by this issue is some unknown functionality of the component Extended Procedures. The manipulation leads to active debug code. This vulnerability is handled as CVE-2025-46674. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi hypervisors. PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) There are now several public proof-of-concept (PoC) exploits for … More →

The post Week in review: MITRE ATT&CK v17.0 released, PoC for Erlang/OTP SSH bug is public appeared first on Help Net Security.

In an era of digital transformation and rising cyber threats, Building Trust Through Transparency has become a critical mission for the Chief Information Security Officer (CISO), who has evolved from a technical expert to a strategic leader responsible for protecting organizational trust. Transparency in cybersecurity practices is no longer optional but critical to effective leadership. […]

The post Building Trust Through Transparency – CISO Cybersecurity Practices appeared first on Cyber Security News.

Уникальная архитектура и рекордная эффективность токенов.