Aggregator

A vulnerability classified as problematic was found in IBM Planning Analytics Local 2.0/2.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-25044. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in IBM Planning Analytics Local 2.0/2.1. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-2896. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM Planning Analytics Local 2.0/2.1 and classified as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2025-33004. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Planning Analytics Local 2.0/2.1 and classified as critical. This issue affects some unknown processing. The manipulation leads to session expiration. The identification of this vulnerability is CVE-2025-33005. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TINITA YAML-LibYAML up to 0.902.x on Perl. It has been classified as problematic. Affected is the function YAML::LibYAML. The manipulation leads to files or directories accessible. This vulnerability is traded as CVE-2025-40908. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register_script.php. The manipulation of the argument fullname leads to cross site scripting. This vulnerability is known as CVE-2025-5407. The attack can be launched remotely. Furthermore, there is an exploit available. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. The manipulation of the argument p_id leads to sql injection. This vulnerability is known as CVE-2025-5401. The attack can be launched remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/edit_post.php of the component GET Parameter Handler. The manipulation of the argument edit_post_id leads to sql injection. This vulnerability is handled as CVE-2025-5402. The attack may be launched remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This affects an unknown part of the file /admin/view_all_posts.php of the component GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-5403. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in MIT Kerberos 5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GSSAPI-protected Message Handler. The manipulation leads to use of weak hash. This vulnerability is known as CVE-2025-3576. The attack can be launched remotely. There is no exploit available.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

A vulnerability was found in HPE StoreOnce Software up to 4.3.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to path traversal. This vulnerability is known as CVE-2025-37094. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in HPE StoreOnce Software up to 4.3.10. It has been rated as very critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2025-37093. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Erudika para up to 1.50.7. This vulnerability affects unknown code. The manipulation leads to sensitive information in log files. This vulnerability was named CVE-2025-48955. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WSO2 Identity Server, API Manager, Identity Server as Key Manager, Open Banking AM, Open Banking IAM and Carbon Identity Application Authentication Endpoint. It has been classified as problematic. This affects an unknown part of the component Authentication Endpoint. The manipulation leads to open redirect. This vulnerability is uniquely identified as CVE-2024-1440. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

HackerNews 编译，转载请注明出处： 警方称，马来西亚内政部长的WhatsApp账号遭黑客入侵并被用于向联系人发送恶意链接。 当局在周五的新闻发布会上表示，攻击者据称使用虚拟专用网络（VPN）入侵了Datuk Seri Saifuddin Nasution Ismail的账号，目前尚无受害者报告经济损失。警方未详细说明入侵手法。 负责监管执法、移民和审查事务的内政部已确认该事件，并敦促公众勿回应任何自称来自部长的信息或电话，尤其是涉及财务或个人要求的通讯。 此次数据泄露事件正在调查中，执法部门正全力追踪黑客位置。 手机钓鱼诈骗在马来西亚日益猖獗。当地媒体报道称，诈骗分子常冒充警察、银行职员或法院代表实施犯罪。 近期WhatsApp事件与此前针对其他高级官员的攻击如出一辙： 2025年3月：诈骗分子劫持议长乔哈里·阿卜杜勒的WhatsApp账号，诱骗其联系人汇款； 2022年：黑客入侵前总理伊斯梅尔·萨布里的Telegram和Signal账号； 2015年：黑客控制马来西亚皇家警察的Twitter和Facebook账号，发布支持伊斯兰国组织的信息。 Nasution Ismail因账号被黑事件遭遇网络批评与嘲讽。当地媒体指出，鉴于该国最高安全官员竟遭黑客成功攻击，民众对马来西亚网络安全措施的有效性提出质疑。       消息来源： therecord； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

京葉システム株式会社が提供するタイム・ワークスには、パストラバーサルの脆弱性が存在します。

京葉システム株式会社が提供するPC Time Tracerには、不適切なファイルアクセス権設定の脆弱性が存在します。

A vulnerability was found in Launchpad Ignition 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file comment.php. The manipulation of the argument blog leads to path traversal. This vulnerability is handled as CVE-2009-4426. The attack may be launched remotely. Furthermore, there is an exploit available.