Aggregator

A vulnerability was found in Netty. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component netty-codec-compression. Such manipulation leads to highly compressed data. This vulnerability is traded as CVE-2025-58057. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as problematic has been found in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. This vulnerability is reported as CVE-2025-9931. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/update-image.php. This manipulation of the argument lid causes sql injection. This vulnerability appears as CVE-2025-9932. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability marked as critical has been reported in Google Android 13/14. Affected by this issue is the function onCreate of the file MediaProjectionPermissionActivity.java. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2025-32322. Local access is required to approach this attack. No exploit exists. It is suggested to install a patch to address this issue.

视频播客成为播客行业热点，B站、小红书等平台推出扶持计划吸引创作者。目前内容形态多样但尚未成熟，依赖平台支持。未来能否持续发展取决于新创作者能否稳定输出有深度的内容。

A vulnerability described as critical has been identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Such manipulation of the argument viewid leads to sql injection. This vulnerability is traded as CVE-2025-9933. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in CKeditor5 up to 45.2.1/46.0.2. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-58064. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. This vulnerability is known as CVE-2025-9934. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as problematic has been identified in langchain-ai LangChain up to 0.3.63. Affected by this issue is the function etree.iterparse of the component EverNoteLoader Component. The manipulation results in xml external entity reference. This vulnerability was named CVE-2025-6984. The attack may be performed from remote. There is no available exploit.

A vulnerability, which was classified as problematic, was found in PHPGurukul Online Shopping Portal 2.1. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation results in cross site scripting. This vulnerability is known as CVE-2025-57576. It is possible to launch the attack remotely. No exploit is available.

A vulnerability marked as problematic has been reported in MarceloTessaro promptcraft-forge-studio 0. The affected element is an unknown function of the file src/utils/validation.ts. This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2025-58361. It is possible to initiate the attack remotely. There is no exploit available.

微软承认8月更新导致Windows 10/11及部分服务器版本出现UAC验证问题，影响企业用户安装和启动软件，计划修复。

A vulnerability classified as critical has been found in Google Android 11.0/12.0/13.0. This vulnerability affects the function gatt_process_prep_write_rsp of the file gatt_cl.cc. This manipulation causes out-of-bounds write. This vulnerability is handled as CVE-2023-20951. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability categorized as critical has been discovered in Google Android. Affected by this issue is the function s2mpg11_pmic_probe of the file s2mpg11-regulator.c. Executing manipulation can lead to heap-based buffer overflow. This vulnerability appears as CVE-2023-20949. The attack requires local access. There is no available exploit. It is advisable to implement a patch to correct this issue.

A vulnerability was found in Google Android 11.0/12.0/13.0 and classified as critical. This affects the function onStart of the file BluetoothSwitchPreferenceController.java. Such manipulation leads to permission issues. This vulnerability is referenced as CVE-2023-20946. It is possible to launch the attack remotely. No exploit is available. Applying a patch is advised to resolve this issue.

A vulnerability was found in Google Android 12.0/13.0. It has been classified as problematic. This vulnerability affects the function dropFramesUntilIframe of the file AAVCAssembler.cpp. Performing manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2023-20948. The attack can be initiated remotely. There is not any exploit available. It is suggested to install a patch to address this issue.

ラトックシステム株式会社が提供するRATOC RAID監視マネージャー（Windows用）はWindowsサービスを登録しますが、登録されるプログラムのファイルパスは引用符で囲まれていません。

Pierre-Adrien Vasseurが提供するObsidian GitHub Copilot Pluginには、重要情報の平文保存の脆弱性が存在します。

LINEヤフー株式会社が提供するAndroidアプリ「Yahoo!ショッピング」には、Custom URL Scheme ハンドラーにおけるアクセス制限不備の脆弱性が存在します。