Aggregator
A first: the Nx NPM package is poisoned, and developers are hit by an AI software supply-chain attack
5 months 2 weeks ago
This is the first known case of malware coercing an AI assistant CLI into assisting with reconnaissance.
CVE-2025-9674 | Transbyte Scooper News App up to 1.2 on Android com.hatsune.eagleee AndroidManifest.xml improper export of android application components
5 months 2 weeks ago
A vulnerability identified as problematic has been detected in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components.
This vulnerability appears as CVE-2025-9674. The attack requires local access. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-9673 | Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android com.kakao.i.connect AndroidManifest.xml improper export of android application components
5 months 2 weeks ago
A vulnerability categorized as problematic has been discovered in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components.
This vulnerability is reported as CVE-2025-9673. The attack requires a local approach. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-9672 | Rejseplanen App up to 8.2.2 de.hafas.android.rejseplanen AndroidManifest.xml improper export of android application components
5 months 2 weeks ago
A vulnerability was found in Rejseplanen App up to 8.2.2. It has been rated as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulation leads to improper export of android application components.
This vulnerability is documented as CVE-2025-9672. The attack needs to be performed locally. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-9671 | UAB Paytend App up to 2.1.9 on Android com.passport.cash AndroidManifest.xml improper export of android application components
5 months 2 weeks ago
A vulnerability was found in UAB Paytend App up to 2.1.9 on Android. It has been declared as problematic. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. The manipulation can lead to improper export of Android application components.
This vulnerability is registered as CVE-2025-9671. The attack needs to be launched locally. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #638068: Transbyte App Scooper News: Local To Globa(com.hatsune.eagleee) 1.2 Task Hijacking [Accepted]
5 months 2 weeks ago
Submit #638068 / VDB-321884
fxizenta
Submit #637925: Kakao Corp. Hey Kakao(com.kakao.i.connect) 2.17.4 Task Hijacking [Accepted]
5 months 2 weeks ago
Submit #637925 / VDB-321883
fxizenta
Submit #637924: Rejseplanen Rejseplanen(de.hafas.android.rejseplanen) 8.2.2(141) Task Hijacking [Accepted]
5 months 2 weeks ago
Submit #637924 / VDB-321882
fxizenta
Accepted at a top conference | Secure data alignment for fully encrypted machine learning: the Suda framework is accepted at USENIX Security 2025
5 months 2 weeks ago
How to align data efficiently without leaking any private information
Submit #637922: UAB "PAYTEND EUROPE" Paytend 2.1.9 Task Hijacking [Accepted]
5 months 2 weeks ago
Submit #637922 / VDB-321881
fxizenta
CVE-2025-9670 | mixmark-io turndown up to 7.2.1 src/commonmark-rules.js redos (Issue 501)
5 months 2 weeks ago
A vulnerability was found in mixmark-io turndown up to 7.2.1. It has been classified as problematic. This affects an unknown function of the file src/commonmark-rules.js. The manipulation results in inefficient regular expression complexity.
This vulnerability is cataloged as CVE-2025-9670. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Patch this authentication bypass vulnerability in Passwordstate promptly
5 months 2 weeks ago
Patch promptly
High-severity DoS vulnerability in Cisco Nexus switches
5 months 2 weeks ago
Patch promptly
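Creating a multi-stakeholder collaborative governance framework to promote the safe and orderly development of artificial intelligence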
5 months 2 weeks ago
360 discloses the latest attack chain of the Silver Fox trojan: global program control through GAC hijacking
5 months 2 weeks ago
A new Silver Fox trojan variant uses GAC features to hijack the system; the 360 security agent blocks it automatically
Another showcase for digital government! Shenzhen's "深治慧" platform is selected as an innovation case at the 2025 Big Data Expo
5 months 2 weeks ago
Agent-driven: 360 helps Shenzhen build a new benchmark for digital government
Revealed now! 8 Chaitin Tech "solutions for specialized business scenarios"
5 months 2 weeks ago
Come take a look!
Submit #637911: turndown npm v7.2.1 Inefficient Regular Expression Complexity [Accepted]
5 months 2 weeks ago
Submit #637911 / VDB-321880
CrazzyHe
CVE-2025-7383 | Oberon PSA Crypto up to 1.5.0 timing discrepancy
5 months 2 weeks ago
A vulnerability was found in Oberon PSA Crypto up to 1.5.0 and classified as problematic. The impacted element is an unknown function. Such manipulation leads to observable timing discrepancy.
This vulnerability is listed as CVE-2025-7383. The attack must be carried out locally. There is no available exploit.
It is suggested to upgrade the affected component.
vuldb.com