Aggregator

CVE-2025-6500 | code-projects Inventory Management System 1.0 editCategories.php editCategoriesName sql injection (EUVD-2025-18862)

5 months 3 weeks ago

A vulnerability, which was classified as critical, has been found in code-projects Inventory Management System 1.0. Affected by this issue is some unknown functionality of the file /php_action/editCategories.php. The manipulation of the argument editCategoriesName leads to sql injection. This vulnerability is handled as CVE-2025-6500. The attack may be launched remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2024-56973 | Alvaria Unified IP Unified Director up to 7.2SP1 ProcessUploadFromURL.jsp filename permission (EUVD-2024-53478)

5 months 3 weeks ago

A vulnerability was found in Alvaria Unified IP Unified Director up to 7.2SP1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file ProcessUploadFromURL.jsp. The manipulation of the argument filename leads to permission issues. This vulnerability is known as CVE-2024-56973. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2024-56972 | Midea Home 9.3.12 on iOS Link information disclosure (EUVD-2024-53477)

5 months 3 weeks ago

A vulnerability has been found in Midea Home 9.3.12 on iOS and classified as problematic. This vulnerability affects unknown code of the component Link Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-56972. The attack can be initiated remotely. There is no exploit available.

vuldb.com

CVE-2024-56968 | Shenzhen Intellirocks Tech Govee Home 6.5.01 on iOS information disclosure (EUVD-2024-53474)

5 months 3 weeks ago

A vulnerability was found in Shenzhen Intellirocks Tech Govee Home 6.5.01 on iOS. It has been classified as problematic. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-56968. It is possible to launch the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-56969 | Pixocial Technology BeautyPlus 7.8.010 on iOS Link information disclosure (EUVD-2024-53475)

5 months 3 weeks ago

A vulnerability was found in Pixocial Technology BeautyPlus 7.8.010 on iOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-56969. The attack can be launched remotely. There is no exploit available.

vuldb.com

CVE-2024-56971 | Zhiyuan Yuedu Literature Information Technology Shuqi Novel 5.3.8 on iOS Link information disclosure (EUVD-2024-53476)

5 months 3 weeks ago

A vulnerability was found in Zhiyuan Yuedu Literature Information Technology Shuqi Novel 5.3.8 on iOS and classified as problematic. Affected by this issue is some unknown functionality of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-56971. The attack may be launched remotely. There is no exploit available.

vuldb.com

Medical device cyberattacks push hospitals into crisis mode

Help Net Security

5 months 3 weeks ago

22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices, according to RunSafe Security. Three-quarters of these incidents disrupted patient care, including 24% that required patient transfers to other facilities. The survey reveals that healthcare cybersecurity has evolved from primarily an IT concern to a patient safety imperative driving procurement decisions and operational strategies. In fact, the findings demonstrate a shift in healthcare cybersecurity priorities, with 35% of organizations now identifying OT systems … More →

The post Medical device cyberattacks push hospitals into crisis mode appeared first on Help Net Security.

Help Net Security

Kids Online Safety Act (KOSA): Protecting Kids or Censorship?

Security Boulevard

5 months 3 weeks ago

In this episode, we explore the Kids Online Safety Act (KOSA), a controversial bill aimed at protecting children online. Joined by co-host Scott Wright, we discuss the potential implications of KOSA, including concerns about censorship, mass surveillance, and the impact on free expression and online privacy. We also touch on the broad support for the […]

The post Kids Online Safety Act (KOSA): Protecting Kids or Censorship? appeared first on Shared Security Podcast.

The post Kids Online Safety Act (KOSA): Protecting Kids or Censorship? appeared first on Security Boulevard.

Tom Eston

CVE-2008-5288 | Scripts4you FAQ Manager 1.2 include/header.php config_path code injection (EDB-7229 / XFDB-46840)

5 months 3 weeks ago

A vulnerability classified as critical has been found in Scripts4you FAQ Manager 1.2. This affects an unknown part of the file include/header.php. The manipulation of the argument config_path leads to code injection. This vulnerability is uniquely identified as CVE-2008-5288. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2012-5346 | Bencemeszaros Wp-livephp 1.2.1 wp-live.php cross site scripting (EDB-36483 / XFDB-72080)

5 months 3 weeks ago

A vulnerability was found in Bencemeszaros Wp-livephp 1.2.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file wp-live.php. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2012-5346. The attack can be launched remotely. Furthermore, there is an exploit available.

vuldb.com

Fortinet发布全新AI驱动邮件安全解决方案组合，邮件安全产品矩阵再升级

5 months 3 weeks ago

专注推动网络与安全融合的全球性综合网络安全解决方案供应商 Fortinet®（NASDAQ：FTNT），近日宣布发布新一代企业级邮件安全解决方案组合FortiMail Workspace Security suite，全面增强旗下数据和生产力安全产品组合，实现邮件安全生态全面进化。

AI 驱动的通信、协作和数据安全防御

《Fortinet 2025 年全球威胁态势研究报告》强调，随着 AI 驱动型网络犯罪的日益兴起，攻击者正大肆利用自动化技术，发起高度仿真的网络钓鱼、身份冒充及帐户接管等复杂攻击。

Fortinet 增强型 FortiMail 邮件安全解决方案组合，全面覆盖电子邮件、浏览器和办公协作环境，提供 AI 驱动的智能防护，随时随地高效抵御内外部威胁，助力企业从容应对上述挑战，跨整个数字办公环境保护用户交互和数据流动安全，构建办公全场景智能防护体系。

全新功能的引入，进一步奠定 FortiMail 业界涵盖范围广、高度可定制电子邮件安全平台的领先地位，将防护范围从电子邮件扩展至浏览器和办公协作工具。全新功能结合 FortiDLP 下一代数据防泄漏（DLP）和 Fortinet 内部风险管理解决方案，为用户提供 AI 驱动的统一智能防护方案，全方位守护当今动态办公环境，确保用户和敏感数据安全：

1、电子邮件安全生态全面进化：全新 FortiMail 全面满足各类电子邮件安全需求，包括入站、出站（含中继转发）及内部邮件防护，支持硬件设备、虚拟机、托管服务和 SaaS 等多种部署形式。此外，还支持用户按需选择运行模式：网关模式、服务器模式、ICES 模式以及混合模式，兼具高度可配置的用户界面和精简流畅的 SaaS 访问体验。

近期，Fortinet 成功收购 Perception Point，该公司曾获评 2024 年 Gartner® 电子邮件安全魔力象限™ 远见者。通过整合 Perception Point 电子邮件安全解决方案，Fortinet 显著扩展了旗下 FortiMail 电子邮件安全平台的安全防护功能，奠定了 FortiMail 业界涵盖范围最广、高度可定制电子邮件安全平台的领先地位。

2、将安全性无缝扩展至协作工具：FortiMail邮件安全解决方案组合将保护范围从电子邮件无缝扩展至 Web 浏览器和各类办公协作工具，赋能企业跨 Microsoft 365 和 Teams、Google Workspace 和 Slack 等第三方平台，有效防范各类复杂威胁，实时拦截基于 Web 的规避型攻击、共享文件中隐藏的恶意软件及通过聊天和协作应用程序发送的恶意链接。

此外，该平台还进一步增强了云环境用户活动的可见性，帮助安全团队有效检测和防范帐户接管攻击，避免造成数据泄露、财务损失等严重后果。无缝集成的 24x7 全天候事件响应托管服务，支持快速分析和遏制威胁，有效缓解 SOC 团队日常工作负担。

3、更智能地防范关键数据泄露：FortiDLP 引入更多高级功能，例如具备数据谱系追踪（数据溯源）与序列检测功能的安全数据流管理，显著提升数据安全防护能力，为安全和内部风险团队提供从数据源头到终端的全链路可视化追踪，精准捕获和记录用户对敏感数据的使用轨迹及操作过程，并自动关联用户行为模式，智能识别需深度调查的高风险操作。

无论是有效监控云存储平台的数据非授权共享行为，还是防止敏感数据暴露于未经批准的软件即服务（SaaS）和 GenAI 平台，FortiDLP 都能提供丰富的上下文背景信息和风险管控能力，有效强化对知识产权等核心数据的保护。

面对当今不断变化的威胁环境，企业亟需部署统一安全策略，兼顾内外部威胁与风险，确保员工生产力的同时，严守敏感数据安全。凭借AI 驱动型 FortiMail邮件安全解决方案组合的扩展功能和 FortiDLP 解决方案，Fortinet 赋能企业始终领先于威胁行为者，全面掌控内部风险，全方位守护用户与数据安全，提升用户生产力。

企业资讯

BAZZAFL：通过面向漏洞的种子分组将模糊测试活动导向漏洞

5 months 3 weeks ago

CVE-2008-4743 | QuidaScript FAQ Management Script index.php catid sql injection (EDB-6629 / XFDB-44583)

5 months 3 weeks ago

A vulnerability classified as critical has been found in QuidaScript FAQ Management Script. This affects an unknown part of the file index.php. The manipulation of the argument catid leads to sql injection. This vulnerability is uniquely identified as CVE-2008-4743. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

vuldb.com

CVE-2024-56967 | Cloud Whale Interactive Technology PolyBuzz 2.0.20 on iOS Link information disclosure (EUVD-2024-53473)

5 months 3 weeks ago

A vulnerability, which was classified as problematic, was found in Cloud Whale Interactive Technology PolyBuzz 2.0.20 on iOS. This affects an unknown part of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-56967. It is possible to initiate the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-56964 | Che Hao Duo Used Automobile Agency Guazi Used Car 10.15.1 on iOS Link information disclosure (EUVD-2024-53470)

5 months 3 weeks ago

A vulnerability classified as problematic was found in Che Hao Duo Used Automobile Agency Guazi Used Car 10.15.1 on iOS. Affected by this vulnerability is an unknown functionality of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-56964. The attack can be launched remotely. There is no exploit available.

vuldb.com

CVE-2024-56965 | Shanghai Shizhi Information Technology Shihuo 8.16.0 on iOS Link information disclosure (EUVD-2024-53471)

5 months 3 weeks ago

A vulnerability, which was classified as problematic, has been found in Shanghai Shizhi Information Technology Shihuo 8.16.0 on iOS. Affected by this issue is some unknown functionality of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-56965. The attack may be launched remotely. There is no exploit available.

vuldb.com

CVE-2024-56960 | Tianjin Xiaowu Information Technology BeiKe Holdings 1.3.50 on iOS Link information disclosure (EUVD-2024-53467)

5 months 3 weeks ago

A vulnerability was found in Tianjin Xiaowu Information Technology BeiKe Holdings 1.3.50 on iOS. It has been declared as problematic. This vulnerability affects unknown code of the component Link Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-56960. The attack can be initiated remotely. There is no exploit available.

vuldb.com

CVE-2024-56963 | Beijing Sogou Technology Development Sogou Input 12.2.0 on iOS Link information disclosure (EUVD-2024-53469)

5 months 3 weeks ago

A vulnerability was found in Beijing Sogou Technology Development Sogou Input 12.2.0 on iOS. It has been rated as problematic. This issue affects some unknown processing of the component Link Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-56963. The attack may be initiated remotely. There is no exploit available.

vuldb.com

CVE-2024-56962 | Tencent Technology WeSing 9.3.39 on iOS Link information disclosure (EUVD-2024-53468)

5 months 3 weeks ago

A vulnerability classified as problematic has been found in Tencent Technology WeSing 9.3.39 on iOS. Affected is an unknown function of the component Link Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-56962. It is possible to launch the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-56966 | Qidian Reader 5.9.384 on iOS Link information disclosure (EUVD-2024-53472)

5 months 3 weeks ago

A vulnerability has been found in Shanghai Xuan Ting Entertainment Information & Technology Qidian Reader 5.9.384 on iOS and classified as problematic. This vulnerability affects unknown code of the component Link Handler. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-56966. The attack can be initiated remotely. There is no exploit available.

vuldb.com