Aggregator

A vulnerability, which was classified as critical, has been found in Symantec Norton AntiVirus 2004. Affected by this issue is some unknown functionality of the component ActiveX Control. The manipulation leads to denial of service. This vulnerability is handled as CVE-2004-0487. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Lotus Domino 5.0.12/6.5.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component URI Handler. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2004-0480. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Apache HTTP Server up to 2.0.50. It has been declared as problematic. This vulnerability affects unknown code of the component mod_ssl. The manipulation leads to memory corruption. This vulnerability was named CVE-2004-0488. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Squid Proxy 2.5 Stable/3 Pre and classified as critical. Affected by this issue is some unknown functionality of the component NTLM Authentication Helper. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2004-0541. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Squid Proxy 2.5 Stable/3 Pre and classified as problematic. Affected by this vulnerability is the function ntlm_fetch_string of the component NTLM Authentication. The manipulation leads to denial of service. This vulnerability is known as CVE-2004-0541. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 18 - Win32k Elevation of Privilege Vulnerability

Trendyol’s application security team uncovered a series of bypasses that render Meta’s Llama Firewall protections unreliable against sophisticated prompt injection attacks. The findings raise fresh concerns about the readiness of existing LLM security measures and underscore the urgent need for more robust defenses as enterprises increasingly embed large language models into their workflows. During the […]

The post Meta’s Llama Firewall Bypassed Using Prompt Injection Vulnerability appeared first on Cyber Security News.

A vulnerability was found in Dromara Northstar up to 7.3.5. It has been rated as critical. Affected by this issue is the function preHandle of the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java of the component Path Handler. The manipulation of the argument Request leads to improper access controls. This vulnerability is handled as CVE-2025-7552. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Лечиться препаратами с Земли — как пить кофе из микроволновки. Уже можно лучше.

OpenAI is reportedly preparing to release an artificial intelligence-enhanced web browser within the coming weeks, marking the company’s latest expansion beyond its popular ChatGPT platform. The new browser will feature integrated AI agent capabilities designed to autonomously handle various online tasks, positioning OpenAI as a direct competitor to traditional browser giants like Google Chrome while […]

The post OpenAI is to Launch a AI Web Browser in Coming Weeks appeared first on Cyber Security News.

Submit #614976 / VDB-316249

A sophisticated supply chain attack has compromised the official GravityForms WordPress plugin, allowing attackers to inject malicious code that enables remote code execution on affected websites. The attack, discovered on July 11, 2025, represents a significant security breach affecting one of WordPress’s most popular form-building plugins, with the malware being distributed directly through the official […]

The post WordPress GravityForms Plugin Hacked to Include Malicious Code appeared first on Cyber Security News.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected by this vulnerability is the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument modino/username leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-7551. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-7550. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda FH1201 1.2.0.14(408) and classified as critical. This issue affects the function frmL7ProtForm of the file /goform/L7Prot. The manipulation of the argument page leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-7549. The attack may be initiated remotely. Furthermore, there is an exploit available.

Cybersecurity researchers at the University of Toronto have achieved a breakthrough in hardware-level attacks by successfully demonstrating GPUHammer, the first Rowhammer attack specifically targeting discrete NVIDIA GPUs. The research, which focuses on the popular NVIDIA A6000 GPU with GDDR6 memory, represents a significant expansion of the decade-old Rowhammer vulnerability beyond traditional CPU memories. The research […]

The post GPUHammer – First Rowhammer Attack Targeting NVIDIA GPUs appeared first on Cyber Security News.

Submit #614975 / VDB-316249

Submit #614974 / VDB-316248

Submit #614973 / VDB-316247

NVIDIA is urging customers to enable System-level Error Correction Codes (ECC) as a defense against a variant of a RowHammer attack demonstrated against its graphics processing units (GPUs). "Risk of successful exploitation from RowHammer attacks varies based on DRAM device, platform, design specification, and system settings," the GPU maker said in an advisory released this week. Dubbed