Aggregator

宝塔面板将推出v10.0稳定版（LTS）和v11.0正式版，稳定版提供长期维护支持以保障稳定性，正式版则更快更新功能。企业用户适合选择稳定版以获得更好的安全性与稳定性保障，而站长与个人站长则可尝试正式版以体验更多新功能。

A vulnerability classified as problematic has been found in Broadcom Brocade SANnav up to 2.4.0. This affects an unknown part of the component Database Password Handler. The manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2025-6392. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Advantech iView. It has been rated as critical. Affected by this issue is the function NetworkServlet.archiveTrapRange. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-52577. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Advantech iView. It has been declared as critical. Affected by this vulnerability is the function NetworkServlet.restoreDatabase. The manipulation leads to argument injection. This vulnerability is known as CVE-2025-53509. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Honeywell C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM and C200E. It has been classified as critical. Affected is an unknown function of the component Control data Access. The manipulation leads to integer underflow. This vulnerability is traded as CVE-2025-3947. It is possible to launch the attack remotely. There is no exploit available.

网络激进主义者正将攻击目标从传统的DDoS和网站破坏转向关键基础设施中的工业控制系统（ICS）。俄罗斯相关的组织如Z-Pentest、Dark Engine和Sector 16在2025年第二季度发起了大量针对能源、制造业等关键部门的攻击。同时，新的激进组织如Dark Engine和BL4CK CYB3R也在崛起，并且他们的活动往往与地区冲突相关联。

A vulnerability was found in Advantech iView and classified as critical. This issue affects the function NetworkServlet.backupDatabase. The manipulation leads to argument injection. The identification of this vulnerability is CVE-2025-52459. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in yhirose cpp-httplib up to 0.20.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to infinite loop. This vulnerability was named CVE-2025-53628. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Advantech iView. This affects the function NetworkServlet.processImportRequest. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-46704. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in yhirose cpp-httplib up to 0.22.x. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Transfer-Encoding leads to allocation of resources. This vulnerability is known as CVE-2025-53629. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Serviio Media Server up to 1.8 on Windows. Affected by this issue is the function checkStreamUrl of the file /rest/action of the component API Endpoint. The manipulation of the argument Video leads to os command injection. This vulnerability is handled as CVE-2025-34101. The attack may be launched remotely. Furthermore, there is an exploit available.

While IT departments race to implement AI governance frameworks, many employees have already opened a backdoor for AI, according to ManageEngine. The rise of unauthorized AI use Shadow AI has quietly infiltrated organizations across North America, creating blind spots that even the most careful IT leaders struggle to detect. Despite formal guidelines and sanctioned tools, shadow Al has become the norm rather than the exception. 70% of IT decision makers (ITDMs) have identified unauthorized AI … More →

The post Employees are quietly bringing AI to work and leaving security behind appeared first on Help Net Security.

A vulnerability classified as problematic has been found in Meshtastic Firmware up to 2.6.1. Affected is an unknown function of the component Routing Module. The manipulation leads to reachable assertion. This vulnerability is traded as CVE-2025-24798. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A CVSS score 7.5 AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H severity vulnerability discovered by 'Nitesh Surana (niteshsurana.com) & Nelson William Gamazo Sanchez of Trend Research' was reported to the affected vendor on: 2025-07-11, 75 days ago. The vendor is given until 2025-11-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A vulnerability was found in Honeywell C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, C200E and Wireless Device Manager. It has been rated as critical. This issue affects some unknown processing of the component Control Data Access. The manipulation leads to sensitive information in resource not removed before reuse. The identification of this vulnerability is CVE-2025-2522. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ggml-org llama.cpp. It has been declared as critical. This vulnerability affects the function gguf_init_from_file_impl of the file ggml/src/gguf.cpp. The manipulation leads to heap-based buffer overflow. This vulnerability was named CVE-2025-53630. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in ctfer-io chall-manager up to 0.1.3. It has been classified as critical. This affects an unknown part of the component Scenario Decoding. The manipulation leads to asymmetric resource consumption. This vulnerability is uniquely identified as CVE-2025-53633. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ctfer-io chall-manager up to 0.1.3 and classified as critical. Affected by this issue is some unknown functionality of the component Scenario Decoding. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-53632. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Advantech iView and classified as critical. Affected by this vulnerability is the function CUtils.checkSQLInjection. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-48891. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Connect2id Nimbus JOSE+JWT up to 10.0.1. Affected is an unknown function of the component JSON Object Handler. The manipulation leads to uncontrolled recursion. This vulnerability is traded as CVE-2025-53864. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.