Aggregator

CVE-2006-2285 | Dokeos Open Source Learning And Knowledge Management Tool LDAP authldap.php file inclusion (EDB-1765 / XFDB-26274)

8 months 3 weeks ago

A vulnerability described as critical has been identified in Dokeos Open Source Learning And Knowledge Management Tool 1.6.4. Affected by this vulnerability is an unknown functionality of the file authldap.php of the component LDAP. Such manipulation of the argument includePath leads to file inclusion. This vulnerability is referenced as CVE-2006-2285. It is possible to launch the attack remotely. Furthermore, an exploit is available.

vuldb.com

CVE-2006-2577 | Docebo 3.0.3 bbc_lib_path Global file inclusion (EDB-1817 / Nessus ID 22235)

Vuldb Updates

8 months 3 weeks ago

A vulnerability was found in Docebo 3.0.3. It has been declared as critical. Affected is an unknown function in the library bbc_lib_path. The manipulation of the argument Global results in file inclusion. This vulnerability is cataloged as CVE-2006-2577. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

vuldb.com

土卫二（Enceladus）发现更多复杂有机分子

Solidot

8 months 3 weeks ago

科学家重新检视卡西尼号近二十年前的资料，惊喜地在土星卫星土卫二（Enceladus）的羽状喷流中，找到更多复杂有机分子。这些分子来自隐藏在冰地壳下的地下海洋，显示其中正进行着复杂且活跃的化学反应。这意味着土卫二可能具备孕育生命的条件。这些化合物和地球海底热泉环境中的化学反应物质非常类似。在地球上，黑暗深海中的海底热液喷泉所释放的化学能，足以支持喷泉周遭的生命生存，即使阳光无法到达此处，也能形成丰富的生态系统。这让科学家推测，土卫二也可能存在相似的海底热泉环境。卡西尼号在 2005 到 2015 年间，多次穿越土卫二羽状喷流，收集到大量冰粒与气体。

CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief

The Hackers News

8 months 3 weeks ago

Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, triggers the

The Hacker News

CVE-2025-21442 | Qualcomm Snapdragon Auto up to SRV1M Header integer overflow to buffer overflow (EUVD-2025-9990)

Vuldb Updates

8 months 3 weeks ago

A vulnerability classified as critical was found in Qualcomm Snapdragon Auto. Impacted is an unknown function of the component Header Handler. The manipulation results in integer overflow to buffer overflow. This vulnerability is known as CVE-2025-21442. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-21437 | Qualcomm Snapdragon Auto up to SRV1M IOCTL use after free (EUVD-2025-9995)

Vuldb Updates

8 months 3 weeks ago

A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon Auto. The impacted element is an unknown function of the component IOCTL Handler. Such manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-21437. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.

vuldb.com

CVE-2025-21435 | Qualcomm Snapdragon Auto up to WSA8845H Beacon buffer over-read (EUVD-2025-9997)

Vuldb Updates

8 months 3 weeks ago

A vulnerability classified as critical was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon WBC, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking. This affects an unknown function of the component Beacon Handler. Such manipulation leads to buffer over-read. This vulnerability is traded as CVE-2025-21435. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-21436 | Qualcomm Snapdragon Compute FastConnect 7800 up to WSA8845 IOCTL Call use after free (EUVD-2025-9996)

Vuldb Updates

8 months 3 weeks ago

A vulnerability, which was classified as critical, has been found in Qualcomm Snapdragon Compute, Snapdragon Mobile and Snapdragon Wearables. This impacts an unknown function of the component IOCTL Call Handler. Performing manipulation results in use after free. This vulnerability is known as CVE-2025-21436. Attacking locally is a requirement. No exploit is available. It is advisable to upgrade the affected component.

vuldb.com

CVE-2025-21439 | Qualcomm Snapdragon Compute FastConnect 6700 up to WCD9380 WLAN Driver out-of-bounds write (EUVD-2025-9993)

Vuldb Updates

8 months 3 weeks ago

A vulnerability, which was classified as critical, was found in Qualcomm Snapdragon Compute, Snapdragon Consumer Electronics Connectivity and Snapdragon Industrial IOT. Affected is an unknown function of the component WLAN Driver. Executing manipulation can lead to out-of-bounds write. This vulnerability is handled as CVE-2025-21439. It is possible to launch the attack on the local host. There is not any exploit available. You should upgrade the affected component.

vuldb.com

CVE-2025-21440 | Qualcomm Snapdragon Compute up to WSA8845H WLAN Driver out-of-bounds write (EUVD-2025-9992)

Vuldb Updates

8 months 3 weeks ago

A vulnerability was found in Qualcomm Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity and Snapdragon Industrial IOT. It has been classified as critical. This affects an unknown part of the component WLAN Driver. This manipulation causes out-of-bounds write. The identification of this vulnerability is CVE-2025-21440. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-21438 | Qualcomm Snapdragon Compute FastConnect 6200 up to WSA8845 IOCTL Call out-of-bounds (EUVD-2025-9994)

Vuldb Updates

8 months 3 weeks ago

A vulnerability was found in Qualcomm Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity and Snapdragon Industrial IOT and classified as critical. Affected by this issue is some unknown functionality of the component IOCTL Call Handler. The manipulation results in out-of-bounds read. This vulnerability was named CVE-2025-21438. The attack needs to be approached locally. There is no available exploit. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-21434 | Qualcomm Snapdragon Auto up to WSA8845H EHT Operation Parser buffer over-read (EUVD-2025-9998)

Vuldb Updates

8 months 3 weeks ago

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon WBC and classified as critical. This affects an unknown function of the component EHT Operation Parser. Performing manipulation results in buffer over-read. This vulnerability was named CVE-2025-21434. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

vuldb.com

CVE-2025-21431 | Qualcomm Snapdragon Auto up to SRV1M toctou (EUVD-2025-9999)

Vuldb Updates

8 months 3 weeks ago

A vulnerability was found in Qualcomm Snapdragon Auto. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation results in time-of-check time-of-use. This vulnerability is identified as CVE-2025-21431. The attack is only possible with local access. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com

Massive surge in scans targeting Palo Alto Networks login portals

Bleeping Computer.

8 months 3 weeks ago

A spike in suspicious scans targeting Palo Alto Networks login portals indicates clear reconnaissance efforts from suspicious IP addresses, researchers warn. [...]

Bill Toulas

印尼暂停 TikTok 注册资格

Solidot

8 months 3 weeks ago

印度尼西亚政府宣布，由于短视频应用 TikTok 未能按要求提交所有与直播功能相关的数据，当局暂停它作为电子服务系统供应商的注册资格。印尼通信与数码部长 Alexander Sabar 周五发声明说，在最近的全国抗议活动中，部分涉及网络赌博的账户，利用 TikTok 直播功能牟利。当局 9 月 16 日传唤 TikTok 进行直接说明，并要求平台在 9 月 25 日前提交完整的流量、直播和变现数据。TikTok 在 9 月 23 日回复的信函中说，由于公司内部政策和程序对数据请求有规定，因此无法提供数据。印尼通信与数码部认定 TikTok 违反作为私营电子服务供应商的义务，因此决定暂停它的注册资格。TikTok 在印尼拥有超过 1 亿用户。目前尚不明确印尼境内是否已全面封禁 TikTok，但上述声明发布后，这款应用当天在印尼仍可正常使用。

Ваш компьютер тихо шифрует файлы? Google теперь забьёт тревогу первым

Securitylab.ru

8 months 3 weeks ago

Новая функция Drive не оставит вымогателям ни единого шанса.

特拉维夫大学 | POPS：基于历史数据的DNS缓存投毒攻击缓解措施

安全学术圈

8 months 3 weeks ago

提出一种针对四种统计性的DNS缓存投毒攻击的缓解系统

New CometJacking Attack Let Attackers Turn Perplexity Browser Against You in One Click

Cyber Security News

8 months 3 weeks ago

A groundbreaking cybersecurity vulnerability has emerged that transforms Perplexity’s AI-powered Comet browser into an unintentional collaborator for data theft. Security researchers at LayerX have discovered a sophisticated attack vector dubbed “CometJacking” that enables malicious actors to weaponize a single URL to extract sensitive user data without requiring any traditional credential theft or malicious webpage content. […]

The post New CometJacking Attack Let Attackers Turn Perplexity Browser Against You in One Click appeared first on Cyber Security News.

Florence Nightingale

Забудьте всё, что знали о тепле. Квантовые демоны Максвелла уже рядом — и они играют по своим правилам

Securitylab.ru

8 months 3 weeks ago

Второй закон термодинамики не так однозначен, как нам казалось.

Beast

Dark Feed IO

8 months 3 weeks ago

You must login to view this content

cohenido

Aggregator

Managed ad