Aggregator

2024:浏览器从 A 到 Z

Sukka's Blog
7 months 3 weeks ago
和大部分人使用浏览器书签或者导航类网站索引自己的常用网站不同,我强烈依赖基于浏览器地址栏自动补全来访问我常用的网站。那么,将 A-Z 逐一输入到 Google Chrome 的地址栏里,我的 Google Chrome 都会自动补全出哪些域名呢?
Sukka

CVE-2025-0846 | 1000 Projects Employee Task Management System 1.0 /admin/AdminLogin.php email sql injection

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of the argument email leads to sql injection. This vulnerability is uniquely identified as CVE-2025-0846. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-0847 | 1000 Projects Employee Task Management System 1.0 Login /index.php email sql injection

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. This vulnerability was named CVE-2025-0847. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-0848 | Tenda A18 up to 15.13.07.09 HTTP POST Request /goform/SetCmdlineRun wpapsk_crypto5g stack-based overflow

Vuldb Updates
7 months 3 weeks ago
A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2025-0848. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-0849 | CampCodes School Management Software 1.0 Staff /edit-staff/ improper authorization

Vuldb Updates
7 months 3 weeks ago
A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-0849. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

Lazarus Group Drop Malicious NPM Packages in Developers Systems Remotely

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
7 months 3 weeks ago

In a recent discovery by Socket researchers, a malicious npm package named postcss-optimizer has been identified as an operation spearheaded by the North Korean state-sponsored group, Lazarus Advanced Persistent Threat (APT). Tied to past campaigns and employing code-level similarities, the package is linked to the Contagious Interview subgroup of Lazarus, infamously targeting software developers through […]

The post Lazarus Group Drop Malicious NPM Packages in Developers Systems Remotely appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad