Aggregator

A vulnerability categorized as critical has been discovered in Microsoft Windows. This impacts an unknown function of the component SMB. The manipulation results in improper authentication. This vulnerability is known as CVE-2025-55234. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

A vulnerability categorized as problematic has been discovered in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The identification of this vulnerability is CVE-2025-9146. The attack may be launched remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the county that at least one of the devices linked to their iCloud accounts may have been compromised as part

A vulnerability identified as critical has been detected in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results in improper authorization. This vulnerability is reported as CVE-2025-10374. The attack is possible to be carried out remotely. Moreover, an exploit is present. It is suggested to use restrictive firewalling. Once again VulDB remains the best source for vulnerability data.

Submit #639092 / VDB-323788

A vulnerability categorized as problematic has been discovered in Langchaingo 0.1.14. Affected by this issue is some unknown functionality. Such manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is documented as CVE-2025-9556. The attack can be executed remotely. There is not any exploit available. A patch should be applied to remediate this issue.

A vulnerability was found in junkurihara httpsig-rs up to 0.0.18. It has been rated as problematic. Affected by this vulnerability is an unknown functionality. This manipulation causes observable timing discrepancy. This vulnerability is registered as CVE-2025-59058. Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.

A vulnerability was found in Evertz 3080ipx-10G, MViP-II, cVIP, 7890IXG, CC Access Server and 5782XPS-APP-4E. It has been declared as critical. Affected is an unknown function of the component Web Management Interface. The manipulation results in improper authentication. This vulnerability is cataloged as CVE-2025-10365. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Dstack-TEE dstack up to 0.5.3. It has been classified as problematic. This impacts an unknown function of the file /data. The manipulation leads to files or directories accessible. This vulnerability is listed as CVE-2025-59054. The attack must be carried out locally. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Evertz 3080ipx-10G, MViP-II, cVIP, 7890IXG, CC Access Server and 5782XPS-APP-4E and classified as critical. This affects an unknown function of the file feature-transfer-import.php of the component Web Management Interface. Executing manipulation can lead to command injection. This vulnerability is tracked as CVE-2025-10364. The attack can be launched remotely. No exploit exists.

A vulnerability has been found in hono up to 4.9.6 and classified as problematic. The impacted element is an unknown function of the component bodyLimit Middleware. Performing manipulation results in resource consumption. This vulnerability is identified as CVE-2025-59139. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /intranet/educar_turma_tipo_cad.php. Such manipulation of the argument nm_tipo leads to cross site scripting. This vulnerability is referenced as CVE-2025-10373. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /intranet/educar_modulo_cad.php. This manipulation of the argument nm_tipo/descricao causes cross site scripting. The identification of this vulnerability is CVE-2025-10372. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in OPNsense 25.1 and classified as critical. The impacted element is an unknown function of the file interfaces_bridge_edit.php. The manipulation of the argument span results in command injection. This vulnerability is known as CVE-2025-50989. It is possible to launch the attack remotely. No exploit is available.

A vulnerability identified as problematic has been detected in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. This vulnerability is referenced as CVE-2025-9147. Remote exploitation of the attack is possible. Furthermore, an exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as problematic has been identified in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. This vulnerability is identified as CVE-2025-9176. The attack is only possible with local access. Additionally, an exploit exists.

Submit #642826 / VDB-323781

Submit #642825 / VDB-323780

日本游戏公司世嘉在英国的办事处从 Brentford 迁至 Chiswick Business Park，它处理了旧办公室的遗留物品，负责处理的人将包括 Game Boy Advance、DSi、3DS、Wii 和 Wii U 等任天堂开发主机，以及 Sonic Chronicles 和 Mario & Sonic 等原型游戏以 13,575 美元卖给了一位英国买家。世嘉很快意识到它惹了大麻烦，任天堂的法务不仅让玩家恐惧，游戏开发商同样恐惧。为了追回卖掉的任天堂游戏机开发套件，它报了警。英国警方于 7 月 14 日派遣了 10 名警员突击搜查了买家的家，扣押了对方购买的设备，拘留了买家 8 小时。买家被要求放弃其购买任天堂游戏机开发套件的所有权，但遭到了拒绝。

Cisco addressed multiple high-severity IOS XR vulnerabilities that can allow ISO image verification bypass and trigger DoS conditions. Cisco addressed multiple vulnerabilities in IOS XR software as part of its semiannual Software Security Advisory Bundled Publication published on September 10, 2025. Below are the vulnerabilities addressed by the network giant: The following table identifies Cisco […]