Aggregator

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is traded as CVE-2025-5560. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/view-pass-detail.php. The manipulation of the argument viewid leads to sql injection. This vulnerability is known as CVE-2025-5561. The attack can be launched remotely. Furthermore, there is an exploit available.

June 2025 Patch Tuesday fixes 66 bugs, including a zero-day in WebDAV. Update Windows, Office, and more now to block active threats.

A vulnerability classified as critical was found in PHPGurukul Daily Expense Tracker System 1.1. This vulnerability affects unknown code of the file /expense-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability was named CVE-2025-5546. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is known as CVE-2025-5553. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in PHPGurukul Rail Pass Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is handled as CVE-2025-5554. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Unisoc SC9863A, T606, T612, T616, T750, T765, T760, T770, T820, S8000, T8300 and T9300. It has been rated as critical. This issue affects some unknown processing of the component Engineermode Service. The manipulation leads to command injection. The identification of this vulnerability is CVE-2025-31710. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Unisoc SC7731E, SC9832E, SC9863A, T310, T606, T612, T616, T610, T618, T750, T765, T760, T770, T820, S8000, T8300 and T9300. It has been rated as problematic. This issue affects some unknown processing of the component Cplog Service. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-31711. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability classified as critical has been found in Unisoc SC7731E, SC9832E, SC9863A, T310, T606, T612, T616, T610, T618, T750, T765, T760, T770, T820, S8000, T8300 and T9300. Affected is an unknown function of the component Cplog Service. The manipulation leads to out-of-bounds write. This vulnerability is traded as CVE-2025-31712. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. This vulnerability is handled as CVE-2025-5445. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. This vulnerability is traded as CVE-2025-5443. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. This vulnerability is known as CVE-2025-5444. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is handled as CVE-2025-5358. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /appointment-history.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-5359. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-5327. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. This vulnerability was named CVE-2025-5328. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

在安全领域，似乎很少用千行代码漏洞数来制定指标，不过在一些SAST工具上却可以常见这个说法。我们谈代码安全质量，一般就直接说漏洞数。问题中的说法，可能是和团队的背景和知识有关，比如安全挂在研发团队下，对代码质量的评判就会通过千行代码缺陷数来评估。所以，我也不会去否定这种说法。 不过针对问题，我的答案是“量体裁衣，循序渐进”。每家公司、甚至同一公司的不同产线的代码安全质量，肯定都是不一样的，而且水平参差不齐。所以制定这个指标时，比较好的办法是：先跑起来摸清水位，再根据实际数量、制定跳一跳够得着的指标，迭代提升指标、才会越做越好。 更多内容，可以访问： 1、SDL 100问 SDL100问：我与SDL的故事 SAST误报太高，如何解决？ SDL需要哪些人参与？ SDL如何做成平台化以及价值？ 安全SDK提供安全API是怎么做的？ 安全测试，测不出逻辑漏洞怎么办？ 如何逐步建设XAST安全测试工具？ 如何设计安全开发平台的架构和功能？ 大家都有哪些SDL运营指标？ SDL 70/100问：业务系统是否可以带漏洞上线？ 2、SDL创新实践 首发！“ 研发安全运营 ” 架构研究与实践 DevSecOps实施关键：研发安全团队 DevSecOps实施关键：研发安全流程 DevSecOps实施关键：研发安全规范 从安全视角，看研发安全 数字化转型下研发安全痛点 一个思考：安全测试驱动产品安全？ 3、SDL最初实践 【SDL最初实践】开篇 【SDL最初实践】安全培训 【SDL最初实践】安全需求 【SDL最初实践】安全设计 【SDL最初实践】安全开发 【SDL最初实践】安全测试 【SDL最初实践】安全审核 【SDL最初实践】安全响应 4、软件供应链安全 软件供应商面临的攻防实战风险 软件供应商实战对抗十大安全举措 软件供应商攻防常规战之SDL 软件供应链投毒事件应急响应 5、安全运营实践 基于实践的安全事件简述 安全事件运营SOP：钓鱼邮件 安全事件运营SOP：网络攻击 安全事件运营SOP：蜜罐告警 安全事件运营SOP：webshell事件 安全事件运营SOP：接收漏洞事件 应急能力提升：实战应急困境与突破 应急能力提升：挖矿权限维持攻击模拟 应急能力提升：内网横向移动攻击模拟 应急能力提升：实战应急响应经验

Modern cybersecurity threats have evolved beyond traditional perimeter defenses, necessitating the adoption of proactive hunting methodologies that anticipate breach scenarios. This comprehensive guide explores advanced threat hunting strategies, technical frameworks, and practical implementation approaches that enable security professionals to identify sophisticated threats before they cause significant damage. By leveraging hypothesis-driven methodologies, advanced analytics platforms, and […]

The post Threat Hunting 101 – Proactive Cybersecurity Strategies for Experts appeared first on Cyber Security News.

A researcher tells CyberScoop that up to 80% of enterprises could be vulnerable to the zero-day Microsoft patched in its June update.

The post Microsoft Patch Tuesday addresses 66 vulnerabilities, including an actively exploited zero-day appeared first on CyberScoop.

The bug is one of 66 disclosed and patched today by Microsoft as part of its June 2025 Patch Tuesday set of security vulnerability fixes.