Aggregator

AI赋能的、数据与流程双轮驱动的、自动化优先的实战化安全运营平台

A vulnerability classified as problematic was found in Oued CyrixMED 1.4. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument msg_erreur leads to cross site scripting. This vulnerability is known as CVE-2008-2264. The attack can be launched remotely. Furthermore, there is an exploit available.

Did Marlboro-Chesterfield Pathology Pay Cybercrime Gang Safepay a Ransom?
A North Carolina pathology practice is notifying nearly 236,000 patients of a hacking incident discovered in January. Marlboro-Chesterfield Pathology says it "took steps" to ensure the hackers deleted its stolen data. Newcomer ransomware group Safepay is apparently the culprit in the attack.

Buyout Targets Deeper US Penetration, Digital Risk Intel, Ransomware Defense
Cognyte’s $4 million buy of GroupSense boosts its North America strategy, enhancing its investigative analytics platform with deep and darkweb threat insights and access to U.S. government and enterprise customers. The deal will enhance Cognyte’s analytics platform and threat protection offerings.

Labour Government Blames Tories
British law firms representing low-income criminal defendants and civil litigants are having to work for free for weeks or decline new cases as the fallout of a cyberattack against the U.K. Legal Aid Agency forced the agency to yank its online portal offline.

Global Collaboration Leads to Drug, Firearm Bust
U.S. and European officials Thursday touted a global operation to disrupt the criminal darkweb, announcing the arrest of 270 accused darkweb vendors and buyers across 10 countries. "Operation RapTor" resulted in the confiscation of more than $200 million and more than two metric tons of drugs.

点击查看更多本周网络安全大事件。

A vulnerability has been found in Apache POI up to 5.3.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the component OOXML File Parser. The manipulation leads to information disclosure. This vulnerability is known as CVE-2025-31672. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHP up to 8.1.31/8.2.27/8.3.18/8.4.4. It has been classified as problematic. Affected is an unknown function of the component Header Parser. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2025-1217. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

在风云变幻的印太地区，东南亚正逐渐成为各大国角力的关键舞台。而在这场复杂的地缘政治博弈中，印度以其独特的地理

A vulnerability has been found in Zalomení Plugin up to 1.5 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-12872. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Domestic OPSI Israel Domestic Shipments Plugin up to 2.6.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13100. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in EasyVirt DCScope and CO2Scope. This issue affects some unknown processing. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-53354. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in MobSF Mobile-Security-Framework-MobSF 4.3.0. This vulnerability affects unknown code. The manipulation leads to improper validation of specified type of input. This vulnerability was named CVE-2025-24804. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in MobSF Mobile-Security-Framework-MobSF 4.3.0. Affected is an unknown function of the component Access Token Handler. The manipulation leads to improper privilege management. This vulnerability is traded as CVE-2025-24805. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Guten Free Options Plugin up to 0.9.5 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13492. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Trendnet TEG-40128 Web Smart Switch 1.00.023. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2025-25523. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Chalet-Montagne Tools Plugin up to 2.7.8 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-12586. The attack can be launched remotely. There is no exploit available.

A vulnerability has been found in mlfactory DSGVO All in one Plugin up to 4.6 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user_remove_form.php. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-13356. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in sonalsinha21 SKT Blocks Plugin up to 1.7 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13733. The attack can be initiated remotely. There is no exploit available.