Aggregator

Submit #499675 / VDB-272577

A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument file leads to unrestricted upload. This vulnerability was named CVE-2025-1555. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #499520 / VDB-296507

A vulnerability classified as problematic has been found in abseil-cpp. This affects the function reserve/rehash. The manipulation of the argument size leads to integer overflow. This vulnerability is uniquely identified as CVE-2025-0838. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.

Submit #496933 / VDB-296506

Submit #496932 / VDB-296506

Every organization should be exploring a layered approach in which artificial and human intelligences come together to form a rich, dynamic, and multifaceted deepfake defense strategy tailored to its needs.

Nontra Yantaprasert 丈夫的姓是 Null，当她冠上 Null 姓氏后开始遭遇以前从未遇到的麻烦。Null 被计算机科学家用于表示无效值，姓 Null 的用户一生中会遇到无数声称账号不存在的错误。Nontra 改姓 Null 后计划于 2014 年乘飞机回印度参加朋友的婚礼，结果处理其签证的印度领事馆声称计算机无法处理她的姓氏。她现在的应对之策而是偶尔用原来的姓氏，或者姓名之间加上连字符。Joseph Tartaro 在十年前让自己的车牌填上 NULL 一词，认为试图开罚单的交警会因为在数据里输入 NULL 而导致系统无法处理。2018 年他收到了 35 美元罚单，之后邮箱里塞满了数百张与他无关的交通罚单，因为系统将 null 与他的个人信息关联起来。微软研究员 Daan Leijen 称，现代计算机软件已能正确处理 null，但很多公司和机构不愿意放弃旧的方便的系统。

Продвинутые нейросети не станут соучастниками страшных преступлений.

Experts warn that the carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards. D3 Lab researchers reported that on February 19, 2025, the carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards. Experts speculate that B1ack’s Stash used the free card release as a marketing strategy. The […]

A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file submitAnswerExe.php. The manipulation of the argument exmne_id leads to sql injection. This vulnerability is handled as CVE-2024-4917. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Linux Kernel up to 6.6.57/6.11.4. Affected by this vulnerability is the function devm_kasprintf of the component pinctrl. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-50070. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in undsgn Uncode Plugin up to 2.9.1.6 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to improper input validation. This vulnerability was named CVE-2024-13681. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in undsgn Uncode Plugin up to 2.9.1.6 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2024-13691. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in undsgn Uncode Plugin up to 2.9.1.6 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13667. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.4.278/5.10.220/5.15.161/6.6.34/6.9.5. Affected by this issue is the function iommu_sva_bind_device. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-40945. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.