Aggregator

CVE-2025-54446 | Samsung Electronics MagicINFO 9 Server 21.1050/21.1052 path traversal (EUVD-2025-22430)

Vuldb Updates
9 months ago
A vulnerability classified as critical has been found in Samsung Electronics MagicINFO 9 Server 21.1050/21.1052. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-54446. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-52735 | Linux Kernel up to 5.15.94/6.1.12 sock_map_close/sock_map_destroy/sock_map_unhash stack-based overflow (f312367f5246/749985988148/5b4a79ba65a1 / EUVD-2023-59454)

Vuldb Updates
9 months ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.94/6.1.12. Affected is the function sock_map_close/sock_map_destroy/sock_map_unhash. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2023-52735. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Enterprise LLMs Under Risk: How Simple Prompts Can Lead to Major Breaches

Cyber Security News
9 months ago

Enterprise applications integrating Large Language Models (LLMs) face unprecedented security vulnerabilities that can be exploited through deceptively simple prompt injection attacks.  Recent security assessments reveal that attackers can bypass authentication systems, extract sensitive data, and execute unauthorized commands using nothing more than carefully crafted natural language queries.  Key Takeaways1. Simple prompts can trick LLMs into […]

The post Enterprise LLMs Under Risk: How Simple Prompts Can Lead to Major Breaches appeared first on Cyber Security News.

Florence Nightingale

印度对美智能手机出货量首次超过中国

Solidot
9 months ago
根据 Canalys 的数据,二季度(4-6 月)印度对美智能手机出货量首次超过中国(44% 对 25%)。美国智能手机出货量在 2025 年第二季度增长了 1%。与中国关税谈判结果的不确定性加速了供应链的重新定位。美国智能手机在中国组装的出货量份额从 2024 年第二季度的 61% 缩减至 2025 年第二季度的 25%。这种下降的大部分是由印度承担的;“印度制造”智能手机的总销量同比增长 240%,目前占美国进口智能手机的 44%,高于 2024 年第二季度仅占智能手机出货量的 13%。第二季度,iPhone 出货量同比下降 11% 至 1330 万部,三星出货量同比增长 38% 达到 830 万台,摩托罗拉增长 2% 至 320 万台。Google 和 TCL 跻身前五名,Google 增长 13% 至 80 万台,TCL 下降23% 出货量为 70 万台。

Microsoft Details Defence Techniques Against Indirect Prompt Injection Attacks

Cyber Security News
9 months ago

Microsoft has unveiled a comprehensive defense-in-depth strategy to combat indirect prompt injection attacks, one of the most significant security threats facing large language model (LLM) implementations in enterprise environments.  The company’s multi-layered approach combines preventative techniques, detection tools, and impact mitigation strategies to protect against attackers who embed malicious instructions within external data sources that […]

The post Microsoft Details Defence Techniques Against Indirect Prompt Injection Attacks appeared first on Cyber Security News.

Florence Nightingale

CVE-2025-48932 | Invision Community up to 4.7.20 calendar/view.php location sql injection

VulDB Recent Entries
9 months ago
A vulnerability was found in Invision Community up to 4.7.20. It has been declared as critical. This vulnerability affects unknown code of the file calendar/view.php. The manipulation of the argument location leads to sql injection. This vulnerability was named CVE-2025-48932. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Opera 指控微软使用反竞争策略推广自家浏览器 Edge

Solidot
9 months ago
Opera 周二向巴西反垄断机构 CADE 提起诉讼,指控微软给予自家 Edge 浏览器相对于竞争对手的不公平优势。Opera 称微软在所有 Windows 设备上预装 Edge,将其设为默认浏览器,阻止竞争对手靠产品优势进行竞争。Opera 总法律顾问 Aaron McParlan 表示微软将 Opera 等浏览器排除在预装之外,阻碍用户下载其它浏览器。Opera 称自己是巴西第三大受欢迎 PC 浏览器,希望 CADE 对微软展开调查,要求微软确保公平竞争。

CVE-2025-53416 | Delta Electronics DTN Soft up to 2.1.0 Project File Parser deserialization

VulDB Recent Entries
9 months ago
A vulnerability was found in Delta Electronics DTN Soft up to 2.1.0. It has been classified as critical. This affects an unknown part of the component Project File Parser. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-53416. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-52361 | AK-Nord USB-Server-LXL up to 0.0.16 Build 2023-03-1 /etc/init.d/lighttpd access control

VulDB Recent Entries
9 months ago
A vulnerability was found in AK-Nord USB-Server-LXL up to 0.0.16 Build 2023-03-1 and classified as critical. Affected by this issue is some unknown functionality of the file /etc/init.d/lighttpd. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-52361. Local access is required to approach this attack. There is no exploit available.
vuldb.com

CVE-2025-52187 | GetProjectsIdea School Management System my_profile_update_form1.php cross site scripting

VulDB Recent Entries
9 months ago
A vulnerability has been found in GetProjectsIdea School Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file my_profile_update_form1.php. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-52187. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-43273 | Apple macOS up to 15.5 Restrictions sandbox

VulDB Recent Entries
9 months ago
A vulnerability, which was classified as critical, has been found in Apple macOS up to 15.5. This issue affects some unknown processing of the component Restrictions Handler. The manipulation leads to sandbox issue. The identification of this vulnerability is CVE-2025-43273. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad