Aggregator
Qilin
4 months 2 weeks ago
cohenido
CVE-2025-4011 | Redmine 6.0.0/6.0.1/6.0.2/6.0.3 Custom Query Name cross site scripting (Issue 42238)
4 months 2 weeks ago
A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting.
This vulnerability was named CVE-2025-4011. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-4013 | PHPGurukul Art Gallery Management System 1.0 /admin/aboutus.php pagetitle sql injection
4 months 2 weeks ago
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection.
This vulnerability is traded as CVE-2025-4013. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Weekly Security Hotspots: Hackers Craft a Craft CMS Vulnerability Chain for Zero-Day Attacks to Steal Data
4 months 2 weeks ago
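Security news overview • The National Financial Regulatory Administration plans to formulate the "Measures for the Administration of Cybersecurity in the Banking and Insurance Industries" • Remote control, data theft, cryptomining!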
NetRise Adds Tool to Analyze Application Binaries for Security Flaws
4 months 2 weeks ago
NetRise today at the 2025 RSA Conference unveiled a binary composition analysis (BCA) tool that makes it possible to identify application security weaknesses in applications that have already been deployed.
The post NetRise Adds Tool to Analyze Application Binaries for Security Flaws appeared first on Security Boulevard.
Michael Vizard
ISACA Highlights Critical Lack of Quantum Threat Mitigation Strategies
4 months 2 weeks ago
An ISACA survey found that just 5% of organizations have a defined strategy to defend against quantum-enabled threats
Alert! Surge in Suspicious Scanning of Ivanti VPN Systems, CVE-2025-22457 Vulnerability Risk Escalates
4 months 2 weeks ago
Anquanke
FART Unpacking King: Breaking Through the Layers of Protection on Packed Apps
4 months 2 weeks ago
The underlying ART source-code logic revealed, building Android reverse-engineering experts
Storm-1977 Hackers Use the AzureChecker CLI Tool to Compromise More Than 200 Crypto-Mining Containers
4 months 2 weeks ago
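The Storm-1977 hacking group used the AzureChecker CLI tool to attack education-sector cloud tenants through password spraying, hijacking more than 200 containers for cryptocurrency mining.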
A Deep Dive into K8s API Security: Discovering Secrets Hidden in the API
4 months 2 weeks ago
Recently, JD Security's Xiezhi Lab brought its latest technical research to Black Hat Asia 2025 and held broad, in-depth exchanges with attendees.
Notes on Anti-Anti-Debugging a Mobile Game
4 months 2 weeks ago
Kanxue Forum author ID: ngiokweng
From Quarrels with a Girlfriend to Exposing Hackers: ChatGPT Has Unexpectedly Mastered the Spy Profession
4 months 2 weeks ago
While you mindlessly like memes, AI is piecing together a dossier on you bit by bit, and doing it frighteningly well.
CVE-2022-40962 | Mozilla Thunderbird memory corruption (Nessus ID 208611)
4 months 2 weeks ago
A vulnerability was found in Mozilla Thunderbird. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to memory corruption.
The identification of this vulnerability is CVE-2022-40962. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-42932 | Mozilla Thunderbird memory corruption (Nessus ID 208577)
4 months 2 weeks ago
A vulnerability classified as critical has been found in Mozilla Thunderbird. Affected is an unknown function. The manipulation leads to memory corruption.
This vulnerability is traded as CVE-2022-42932. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-45414 | Mozilla Thunderbird up to 102.5.0 information disclosure (Nessus ID 208639)
4 months 2 weeks ago
A vulnerability was found in Mozilla Thunderbird up to 102.5.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure.
This vulnerability is handled as CVE-2022-45414. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-1196 | Mozilla Firefox ESR up to 91.7 VR Process use after free (Nessus ID 208650)
4 months 2 weeks ago
A vulnerability was found in Mozilla Firefox ESR up to 91.7 and classified as problematic. Affected by this issue is some unknown functionality of the component VR Process. The manipulation leads to use after free.
This vulnerability is handled as CVE-2022-1196. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-40956 | Mozilla Thunderbird up to 102.2 protection mechanism (Nessus ID 208611)
4 months 2 weeks ago
A vulnerability was found in Mozilla Thunderbird up to 102.2. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to protection mechanism failure.
The identification of this vulnerability is CVE-2022-40956. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2022-40957 | Mozilla Thunderbird up to 102.2 denial of service (Nessus ID 208611)
4 months 2 weeks ago
A vulnerability classified as problematic has been found in Mozilla Thunderbird up to 102.2. Affected is an unknown function. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2022-40957. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com