Aggregator

A vulnerability classified as critical has been found in SKINsoft S-Museum 7.02.3. Affected is an unknown function of the component PDF File Handler. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-25801. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in RuvarOA 6.01/12.01 and classified as critical. Affected by this issue is some unknown functionality of the file /PersonalAffair/worklog_template_show.aspx. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2024-25527. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.7.4 and classified as problematic. Affected by this issue is the function create_empty_lvol of the file drivers/mtd/ubi/vtbl.c. The manipulation of the argument leb_size leads to allocation of resources. This vulnerability is handled as CVE-2024-25739. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Couchbase up to 7.2.5/7.6.1 and classified as problematic. This issue affects some unknown processing of the component HTTP Header Handler. The manipulation of the argument Host leads to injection. The identification of this vulnerability is CVE-2024-25673. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

35 000 устройств под угрозой. Всего один логгер может обесточить целую страну.

Submit #585798 / VDB-311669

A vulnerability was found in tarojs taro up to 4.1.1. It has been declared as problematic. This vulnerability affects unknown code of the file taro/packages/css-to-react-native/src/index.js. The manipulation leads to inefficient regular expression complexity. This vulnerability was named CVE-2025-5896. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #585796 / VDB-311668

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. This vulnerability is uniquely identified as CVE-2025-5895. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Submit #585795 / VDB-311667

Власть в одних руках закончилась — и новые руки уже тянутся к ядру.

OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things. "The [Russian-speaking] actor used our models to assist with developing and refining

A vulnerability was found in Broadstreet Plugin up to 1.51.7 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-4652. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Newsletter Plugin up to 8.84 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Form Setting Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-3582. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Newsletter Plugin up to 8.8.4 on WordPress. Affected is an unknown function of the component Widget Option Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-3581. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

In the rapidly shifting digital world, cybersecurity professionals are constantly seeking innovative tools that not only streamline workflows but also empower users with deeper insights and automation. Enter Kali GPT—a groundbreaking AI assistant tailored specifically for the Kali Linux ecosystem, engineered by XIS10CIAL. This article explores the genesis, capabilities, and tangible advantages of Kali GPT, […]

The post Kali GPT-Revolutionizing Penetration Testing with AI on Kali Linux appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as problematic, has been found in RocketChat up to 7.6.1. This issue affects the function parseMessage of the file /apps/meteor/app/irc/server/servers/RFC2813/parseMessage.js. The manipulation of the argument line leads to inefficient regular expression complexity. The identification of this vulnerability is CVE-2025-5892. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #585751 / VDB-311663

A vulnerability classified as problematic was found in Unitech pm2 up to 6.0.6. This vulnerability affects unknown code of the file /lib/tools/Config.js. The manipulation leads to inefficient regular expression complexity. This vulnerability was named CVE-2025-5891. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in actions toolkit 0.5.0. This affects the function globEscape of the file toolkit/packages/glob/src/internal-pattern.ts of the component glob. The manipulation leads to inefficient regular expression complexity. This vulnerability is uniquely identified as CVE-2025-5890. It is possible to initiate the attack remotely. There is no exploit available.