Aggregator

A vulnerability, which was classified as critical, was found in Tenda 11N 5.07.33_cn. This affects an unknown part. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2022-42233. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in Autodesk AutoCAD and classified as critical. Affected by this issue is some unknown functionality of the file DesignReview.exe of the component DWF File Handler. The manipulation leads to memory corruption. This vulnerability is handled as CVE-2022-42942. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, has been found in AdminPad Plugin up to 2.1 on WordPress. Affected by this issue is some unknown functionality of the component Note Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2022-2762. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Terminalfour up to 7.4.0004/8.3.19. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-22220. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Ecomiz Survey TMA Module up to 2.0.0 on PrestaShop. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-24309. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability has been found in JoomUnited WP Media Folder Plugin up to 5.7.2 on WordPress and classified as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. This vulnerability was named CVE-2024-25909. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Business Intelligence Enterprise Edition 7.0.0.0.0/12.2.1.4.0. Affected by this issue is some unknown functionality of the component Analytics Web Answers. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-21064. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

根据发表在 Royal Society Open Science 上的一项研究，霸王龙是在北美洲演化，但其直系祖先来自亚洲，在 7000 多万年前跨过连接两大洲的陆桥来到美洲。当时地球正经历一段气候变冷的时期，霸王龙及其近亲可能比其它恐龙更适应较冷的气候，可能是因为它们有羽毛或更温血的生理结构。北美已经发现了数十块霸王龙化石，但亚洲至今没有发现。研究人员的模型显示，霸王龙直系祖先跨过了西伯利亚和阿拉斯加之间的白令海峡。

Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. [...]

Masimo Told SEC Hack Affects On-Premises Systems, Operations and Distribution
A cyberattack against on-premises systems is affecting product manufacturing, fulfillment and distribution operations of Masimo, a manufacturer of patient monitoring devices, the California-based company told the U.S. Securities and Exchange Commission on Tuesday.

Funding Will Fuel R&D Push Into Automated Remediation and Risk Prioritization Tools
With code increasingly generated by AI and attackers using AI for exploits, OX Security raised $60 million to scale R&D and help developers prioritize critical vulnerabilities. The company aims to close detection gaps and reduce time-to-remediation in application security.

FIDO-Based Authentication to Replace SMS-Based Verification, Says UK NCSC
The U.K. government is set to replace SMS-based verification systems for digital services with passkeys later this year in a bid to shore-up cyber defenses. The authentication initiative is being developed by the U.K. National Cybersecurity Center using FIDO standards.

New LOSTKEYS malware has been identified and linked to COLDRIVER by GTIG, stealing files and system data in targeted attacks

A vulnerability was found in Senayan Library Management System Bulian 9.6.1. It has been declared as critical. This vulnerability affects the function pop_author_edit of the file admin/modules/bibliography/pop_author_edit.php. The manipulation leads to sql injection. This vulnerability was named CVE-2025-45820. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in PostgreSQL up to 13.20/14.17/15.12/16.8/17.4. It has been classified as critical. This affects an unknown part of the component GB18030 Encoding Validation. The manipulation leads to buffer over-read. This vulnerability is uniquely identified as CVE-2025-4207. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Alleged Data Leak of 10,000+ US Citizens PII

A vulnerability, which was classified as critical, was found in F5 BIG-IP Next, BIG-IP Next SPK, BIG-IP Next CNF and BIG-IP. Affected is an unknown function of the component HTTP2 Handler. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2025-36504. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Cisco Catalyst SD-WAN Manager. Affected is an unknown function of the component Smart Licensing Feature. The manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2025-20157. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.