Aggregator

这是一个开放的黑客社区，旨在帮助新手成长为资深人士，提供地下技能的学习和交流平台，并邀请加入Discord进行互动。

Public Wi-Fi has a bad reputation — but in 2025, the “you’ll get hacked instantly” fear is largely outdated. In this episode, Tom and Kevin dig into real research and modern protections that make most public Wi-Fi connections reasonably safe. We’ll explore why HTTPS, device security, and updated standards have drastically reduced the risks, what […]

The post Public Wi-Fi Myths: Why You’re Probably Safer Than You Think appeared first on Shared Security Podcast.

The post Public Wi-Fi Myths: Why You’re Probably Safer Than You Think appeared first on Security Boulevard.

A vulnerability was found in Linux Kernel up to 6.1.129/6.6.80/6.12.17/6.13.5. It has been rated as critical. This issue affects the function ipvlan_process_v6_outbound of the component IPv6 Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-21891. Access to the local network is required for this attack to succeed. There is no exploit available. Upgrading the affected component is advised.

A vulnerability classified as problematic has been found in Cisco Small Business RV016, Small Business RV042, Small Business RV042G, Small Business RV082, Small Business R320 and Small Business RV325. This affects an unknown function of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2023-20139. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

百度网盘被发现安装智能看图插件，默认劫持图片打开方式，并模仿微软照片应用界面诱导用户使用。

契约锁，是一个电子签章及印章管控平台，提供的电子文件具有与纸质文件一样的法律效力。2025年7月，契约锁发布安全补丁修复了远程代码执行漏洞。该漏洞允许未授权攻击者通过特定方式在服务器上执行任意代码。

A vulnerability was found in Microsoft Dynamics 365 Business Central 2022 and classified as problematic. Affected is an unknown function. The manipulation results in information disclosure. This vulnerability was named CVE-2022-41066. The attack may be performed from a remote location. There is no available exploit. Applying a patch is advised to resolve this issue.

A vulnerability labeled as problematic has been found in Cisco Firepower Management Center. This issue affects some unknown processing. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2024-20377. The attack may be performed from a remote location. There is no available exploit. The affected component should be upgraded.

A vulnerability described as critical has been identified in zhijiantianya ruoyi-vue-pro 2.4.1. Impacted is an unknown function of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. Executing manipulation of the argument File can lead to path traversal. The identification of this vulnerability is CVE-2025-2743. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Checkmk up to 2.1.0p50/2.2.0p40/2.4.0b1. This vulnerability affects unknown code. The manipulation results in session expiration. This vulnerability is reported as CVE-2025-2596. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability categorized as problematic has been discovered in Significant-Gravitas AutoGPT up to 0.6.0. This impacts an unknown function. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2025-31494. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability described as problematic has been identified in Checkmk up to 2.1.0p49/2.2.0p40/2.3.0p28. The impacted element is an unknown function. Executing manipulation can lead to sensitive information in log files. The identification of this vulnerability is CVE-2025-2092. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been declared as critical. This affects an unknown part of the file /goform/telnet. Executing manipulation can lead to command injection. The identification of this vulnerability is CVE-2025-4357. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Bandisoft Bandizip up to 7.37. Impacted is an unknown function of the component Archived Files Handler. The manipulation results in inclusion of web functionality from an untrusted source. This vulnerability is reported as CVE-2025-33027. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR and FortiCamera. It has been rated as critical. Affected is an unknown function of the component Hash Cookie Handler. Performing manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2025-32756. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is advised.

Microsoft is rolling out a significant new administrative control feature in mid-September 2025 that will enable IT administrators to manage organization-wide sharing permissions for user-built Copilot agents.  The feature addresses growing enterprise concerns about governance and security in AI agent deployment across organizations. Key Takeaways1. Microsoft is introducing a tenant-level feature for managing Copilot agent […]

The post New Microsoft 365 Admin Feature Let Admins Control Link Creation Policies appeared first on Cyber Security News.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

CVE-2025-0282

一键加解密，让你像测试明文一样简单

针对 CVE-2025-32463代码跟踪