Aggregator

A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross site scripting. The identification of this vulnerability is CVE-2025-3533. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. This vulnerability was named CVE-2025-3532. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #543120 / VDB-304572

A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-3531. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #543083 / VDB-304571

Submit #543082 / VDB-304570

Submit #543081 / VDB-304569

Submit #543080 / VDB-304569

A vulnerability was found in quay mirror-registry. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to permission issues. This vulnerability is handled as CVE-2025-3528. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in Apache Roller up to 6.1.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to session expiration. This vulnerability is known as CVE-2025-24859. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache SeaTunnel up to 2.3.10. It has been classified as critical. Affected is an unknown function of the file /hazelcast/rest/maps/submit-job of the component Restful api-v1. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-32896. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Facebook Marketplace 已成为该社交平台的王牌功能，2023 年月活跃买家数超过了 12 亿，超越 eBay 成为最大的二手市场之一。根据最新数据，Facebook 月活跃用户中有 16% 就是为了访问 Marketplace 而使用该平台的。Facebook 称，Marketplace 正在吸引那些原本放弃该平台社交功能的年轻用户。这一转变代表着 Facebook 核心功能从“数字连接器”转向了“数字集市”，越来越多地的托管交易而非社交联系。它越来越像最早的分类广告平台 Craigslist。

A vulnerability was found in Microsoft Visual Studio Code up to 1.99.0 and classified as critical. This issue affects some unknown processing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2025-32726. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Palo Alto Prisma Access Browser and classified as very critical. This vulnerability affects unknown code. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2025-0129. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Microsoft Edge. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-29834. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

MCP 通过提供一个统一的标准接口，让不同的安全工具能够高效地连接和协同工作。

MCP 通过提供一个统一的标准接口，让不同的安全工具能够高效地连接和协同工作。

MCP 通过提供一个统一的标准接口，让不同的安全工具能够高效地连接和协同工作。

Currently trending CVE - Hype Score: 1 - A denial-of-service (DoS) vulnerability in the Simple Certificate Enrollment Protocol (SCEP) authentication feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to ...

A vulnerability was found in Ampache up to 6.3.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument rule leads to cross site scripting. This vulnerability is known as CVE-2024-28852. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.