Aggregator

CVE-2025-12252 | code-projects Online Event Judging System 1.0 /ajax/action.php content sql injection

Vuldb Updates
5 days 19 hours ago
A vulnerability described as critical has been identified in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. This vulnerability is reported as CVE-2025-12252. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

CVE-2025-12253 | AMTT Hotel Broadband Operation System 1.0 get_expiredtime.php uid sql injection

Vuldb Updates
5 days 19 hours ago
A vulnerability classified as critical has been found in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. This manipulation of the argument uid causes sql injection. This vulnerability appears as CVE-2025-12253. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-12254 | code-projects Online Event Judging System 1.0 /add_judge.php fullname sql injection

Vuldb Updates
5 days 19 hours ago
A vulnerability classified as critical was found in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /add_judge.php. Such manipulation of the argument fullname leads to sql injection. This vulnerability is traded as CVE-2025-12254. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-12255 | code-projects Online Event Judging System 1.0 /add_contestant.php fullname sql injection

Vuldb Updates
5 days 19 hours ago
A vulnerability, which was classified as critical, has been found in code-projects Online Event Judging System 1.0. This affects an unknown part of the file /add_contestant.php. Performing manipulation of the argument fullname results in sql injection. This vulnerability is known as CVE-2025-12255. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2025-12256 | code-projects Online Event Judging System 1.0 /edit_contestant.php contestant_id sql injection

Vuldb Updates
5 days 19 hours ago
A vulnerability, which was classified as critical, was found in code-projects Online Event Judging System 1.0. This vulnerability affects unknown code of the file /edit_contestant.php. Executing manipulation of the argument contestant_id can lead to sql injection. This vulnerability is handled as CVE-2025-12256. The attack can be executed remotely. Additionally, an exploit exists.
vuldb.com

CVE-2025-12257 | SourceCodester Online Student Result System 1.0 /view_result.php ID sql injection

Vuldb Updates
5 days 19 hours ago
A vulnerability has been found in SourceCodester Online Student Result System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_result.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-12257. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2025-12261 | CodeAstro Gym Management System 1.0 remove-announcement.php ID sql injection

Vuldb Updates
5 days 19 hours ago
A vulnerability was found in CodeAstro Gym Management System 1.0. It has been rated as critical. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-12261. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

CVE-2025-12262 | code-projects Online Event Judging System 1.0 /edit_criteria.php crit_id sql injection

Vuldb Updates
5 days 19 hours ago
A vulnerability categorized as critical has been discovered in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /edit_criteria.php. Executing manipulation of the argument crit_id can lead to sql injection. This vulnerability is tracked as CVE-2025-12262. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com

CVE-2025-12263 | code-projects Online Event Judging System 1.0 /edit_judge.php judge_id sql injection

Vuldb Updates
5 days 19 hours ago
A vulnerability identified as critical has been detected in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /edit_judge.php. The manipulation of the argument judge_id leads to sql injection. This vulnerability is listed as CVE-2025-12263. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

便捷与安全能否兼得?梆梆安全解读工信部通报下的智能终端风险与物联网场景化治理实践

嘶吼
5 days 19 hours ago

关于侵害用户权益行为的智能终端通报

根据中央网信办、工业和信息化部、公安部、市场监管总局等四部门联合发布的《关于开展2025年个人信息保护系列专项行动的公告》,按有关法律法规要求,工信部对智能终端违法违规收集使用个人信息等问题开展治理。近期,经组织第三方检测机构进行抽查,共发现20款智能终端存在侵害用户权益行为(详见附件),现予以通报。

来源:工信微报

本次通报的20款智能终端涉及多个物联网典型应用场景,反映出智能设备在深入用户生活的同时,也带来了不容忽视的安全隐患。主要涵盖以下四类生活场景:

·家庭安防场景:包括智能门锁、网络摄像机等设备,作为家庭物理安全的第一道防线,其数据泄露与权限失控可能直接威胁用户人身与财产安全。

·儿童监护与教育场景:儿童电话手表、智能学习终端等产品直接涉及未成年人位置、人脸等敏感信息,一旦管理失范,将造成严重的隐私侵害风险。

·智能家居控制场景:以智能音箱为代表,作为家庭语音交互中枢,其数据收集与权限管理缺失将波及用户声纹、生活习惯等核心隐私。

·娱乐互动场景:AI对话机器人、智能玩具等设备通过云端实现情感交互,若未建立有效数据治理机制,极易成为个人信息违规收集与传输的重灾区。

这些场景的普及标志着物联网设备已深度融入日常生活,然而终端安全机制的普遍缺失,使得“智能便利”与“隐私风险”并存。本次通报集中暴露出当前行业在个人信息保护方面的系统性问题,主要包括:隐私政策缺失、数据违规传输、权限管控机制缺位、强制自动续费及敏感信息收集未单独告知等

上述问题不仅违反法律法规,更侵蚀用户信任,阻碍行业健康发展。在监管持续深化、用户隐私意识不断提升的背景下,广大智能设备生产企业应高度重视合规建设,将“隐私设计”理念融入研发全流程,建立健全数据分类分级、权限管控与加密传输机制,切实履行个人信息保护主体责任。

安全赋能:物联网场景化治理与安全实践

梆梆安全基于深厚的物联网安全实践,构建了覆盖应用层、平台层、传输层及感知层的分层防护体系。通过对智能终端、网络接入及业务应用实施分层布防与纵深防御,并融入以PPDR为核心的动态安全模型,实现对物联网从终端到整网的持续性安全保障。

梆梆安全物联网智能终端安全保障体系

梆梆安全固件安全检测平台

自动化检测物联网设备固件安全隐,通过自动化的方式从固件自身信息、敏感信息、配置风险、CVE漏洞等多个检测维度,识别和分析智能终端可能存在的风险漏洞,助力客户高效排查固件安全问题并整改,提升智能终端的安全强度。

物联网终端渗透测试服务

依据安全基线标准,紧密结合客户业务场景与需求,采用“人工+工具”协同的测试模式,全面检测物联网终端设备的安全漏洞与脆弱性,并输出详尽的渗透测试报告与修复建议,助力客户提前发现并处置安全隐患,有效规避业务运营与监管合规风险。

服务对象包括:物联网设备及智能硬件,涵盖芯片、智能卡、汽车电子、智能硬件、智能家居 (智能电视、机顶盒、投影仪等)、无人机、机器人等领域,包括连接安全 (3G/4G/5G/BT/Wi-Fi/Zig:bee/RF/NFC/API) 、硬件安全 (PCB/芯片/存储/固件) 、系统安全 (含单片机/嵌入式Linux/ARM) 等。

智能终端作为物联网生态的关键入口,其数据安全与隐私合规水平是产业发展的基石。梆梆安全致力于持续拓展物联网安全的技术边界,聚焦终端固件安全、数据加密传输与全生命周期隐私合规,以创新的安全解决方案,守护智能终端的每一道安全防线。

梆梆安全

便捷与安全能否兼得?梆梆安全解读工信部通报下的智能终端风险与物联网场景化治理实践

不安全
5 days 19 hours ago
嗯,用户让我用中文帮他总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”之类的开头。直接写描述就行。首先,我得仔细阅读文章,抓住主要信息。 文章主要讲的是工信部抽查发现20款智能终端存在侵害用户权益的问题,涉及家庭安防、儿童监护、智能家居和娱乐互动四个场景。然后提到了梆梆安全提供的解决方案,包括固件检测、渗透测试等服务。 接下来,我需要把这些要点浓缩到100字以内。先确定关键点:工信部通报、20款智能终端、侵害用户权益、四个生活场景、梆梆安全的解决方案。然后把这些信息连贯地组织起来。 可能的结构是:工信部抽查发现20款智能终端侵害用户权益,涉及四个场景,梆梆安全提供固件检测和渗透测试服务以提升安全水平。 检查一下字数,确保不超过100字。这样应该能满足用户的需求了。 工信部抽查发现20款智能终端存在侵害用户权益行为,涉及家庭安防、儿童监护与教育、智能家居控制及娱乐互动等场景。这些问题反映出物联网设备在隐私保护方面的系统性缺陷。梆梆安全通过固件安全检测平台和渗透测试服务等技术手段,助力提升智能终端的安全防护能力。

Windows Unveils Quick Memory Scan Feature for Seamless Recovery After BSOD Crashes

Cyber Security News
5 days 19 hours ago

Microsoft is enhancing Windows 11’s stability with a new feature that prompts users for a quick memory diagnostic scan following blue screen of death (BSOD) incidents. This proactive tool aims to detect and mitigate memory corruption issues that often lead to unexpected restarts, potentially reducing future system crashes. Announced in recent Windows Insider builds, the […]

The post Windows Unveils Quick Memory Scan Feature for Seamless Recovery After BSOD Crashes appeared first on Cyber Security News.

Guru Baran

CVE-2025-62698 | ExternalGuidance Extension up to 1.38 on Mediawiki cross site scripting (Nessus ID 271639)

Vuldb Updates
5 days 19 hours ago
A vulnerability was found in ExternalGuidance Extension up to 1.38 on Mediawiki and classified as problematic. Affected by this issue is some unknown functionality. The manipulation results in cross site scripting. This vulnerability was named CVE-2025-62698. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2025-62697 | LanguageSelector Extension up to 1.38 on Mediawiki Downstream injection (EUVD-2025-35095 / Nessus ID 271642)

Vuldb Updates
5 days 19 hours ago
A vulnerability classified as problematic has been found in LanguageSelector Extension up to 1.38 on Mediawiki. The impacted element is an unknown function of the component Downstream. This manipulation causes injection. This vulnerability appears as CVE-2025-62697. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-62702 | PageTriage Extension up to 1.43 on Mediawiki cross site scripting (EUVD-2025-35129 / Nessus ID 271643)

Vuldb Updates
5 days 19 hours ago
A vulnerability was found in PageTriage Extension up to 1.43 on Mediawiki and classified as problematic. The impacted element is an unknown function. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-62702. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

11款正版软件特价:数码荔枝10月优惠,这些软件将不再参加双11优惠。

不安全
5 days 19 hours ago
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。用户的要求是直接写文章描述,不需要特定的开头。 首先,我仔细阅读了文章内容。文章主要介绍了数码荔枝在2025年10月的优惠活动,包括多款正版软件的特价信息。这些软件涵盖了Windows和macOS平台,涉及桌面整理、系统美化、文件管理等多个方面。 接下来,我注意到文章中提到这些优惠仅限最后两天,并且这些软件将不再参加双11活动。此外,用户可以使用优惠码APPINN享受额外折扣和新用户福利。 为了总结内容,我需要抓住关键点:数码荔枝的限时优惠、软件种类、优惠时间限制以及使用优惠码的好处。同时,要控制在100字以内,确保信息简洁明了。 最后,我组织语言,确保涵盖所有重要信息,并且表达流畅自然。 数码荔枝推出限时正版软件优惠活动,涵盖Windows和macOS平台多款工具,包括桌面整理、系统美化、文件管理和办公软件等。部分软件如Fences 6、Start11等提供7折特惠,Microsoft 365一年仅需89元。优惠仅剩最后两天,并将错过双11机会。使用优惠码APPINN可享额外折扣及新用户福利。

Managed ad