Aggregator

在西雅图举办的第 83 届世界科幻大会宣布了 2025 年雨果奖获奖名单： 最佳长篇小说：Robert Jackson Bennett 的《The Tainted Cup》，《Shadow of the Leviathan》系列第一部，故事发生在一个被海墙环绕的帝国 Khanum，每逢雨季巨兽利维坦会出现，然后被击退，帝国公民需要时刻关注海墙的缺口，故事始于调查一起谋杀案； 
最佳中长篇小说：Ray Nayle 的《The Tusks of Extinction》； 
最佳中短篇小说：Naomi Kritzer 的《The Four Sisters Overlooking the Sea》；
最佳短篇小说：Nghi Vo 的《Stitched to Skin Like Family Is》：
最佳系列小说：Rebecca Roanhorse 的《Between Earth and Sky》系列； 
最佳科幻电视剧：《星际迷航：下层舰员》第五季第 10 集《The New Next Generation》；
最佳电影：《沙丘：第二部》：
最佳游戏：《卡德洞窟（Caves of Qud）》（龙腾世纪4、塞尔达传说和 1000xRESIST 等入围）。

A vulnerability, which was classified as problematic, has been found in Elseplus File Recovery App 4.4.21 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml. This manipulation causes improper export of android application components. The identification of this vulnerability is CVE-2025-9098. The attack can only be executed locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.cic_prod.bad. The manipulation results in improper export of android application components. This vulnerability was named CVE-2025-9097. The attack needs to be approached locally. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #627902 / VDB-320420

Агенты раскрыли ошибки в ПО, где люди и инструменты провалились.

Submit #627899 / VDB-320419

A vulnerability classified as problematic has been found in ExpressGateway express-gateway up to 1.16.10. This impacts an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-9096. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as problematic has been identified in ExpressGateway express-gateway up to 1.16.10. This affects an unknown function in the library lib/rest/routes/users.js of the component REST Endpoint. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-9095. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #627833 / VDB-320418

Submit #627709 / VDB-320417

A vulnerability marked as critical has been reported in ThingsBoard 4.1. The impacted element is an unknown function of the component Add Gateway Handler. Performing manipulation results in improper neutralization of special elements used in a template engine. This vulnerability is known as CVE-2025-9094. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."

Submit #626292 / VDB-320416

A vulnerability labeled as problematic has been found in BuzzFeed App 2024.9 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.buzzfeed.android. Such manipulation leads to improper export of android application components. This vulnerability is traded as CVE-2025-9093. An attack has to be approached locally. Furthermore, there is an exploit available.

Как технологии потрясли основы веры…

Submit #623584 / VDB-320415

该系列是根据《从Top20开源组件漏洞浅谈开源安全治理困境》中我们梳理的最常见组件漏洞制作的漏洞分析系列。本篇是该系列的第二篇分析报告。

在Apache Hertzbeat<=1.7.1的版本下利用h2 jdbc实现RCE