Aggregator

A vulnerability was found in MITRE CALDERA up to 4.0.x. It has been declared as problematic. This vulnerability affects unknown code of the component Operations Tab/Debrief Plugin. The manipulation of the argument operation name leads to cross site scripting. This vulnerability was named CVE-2022-40606. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file ip/tour/admin/operations/update_settings.php. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2022-42142. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Open Source SACCO Management System 1.0. Affected is an unknown function of the file /sacco_shield/manage_payment.php. The manipulation leads to sql injection. This vulnerability is traded as CVE-2022-42143. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Pichome System up to 2.1.0. It has been classified as problematic. Affected is an unknown function of the component Login Form. The manipulation of the argument username/password leads to cross site scripting. This vulnerability is traded as CVE-2025-44024. It is possible to launch the attack remotely. There is no exploit available.

粽香寄情，安全同行 值此端午佳节 我们为各位白帽子们准备了精美的端午礼盒 感谢大家一直以来的陪伴 祝师傅们 年年岁岁皆如愿，岁岁年年长安康

腾讯云安全公布近期十大安全漏洞，建议自查更新，防入侵保业务安全

Новая модель появилась, старая исчезла, вопросов больше, чем токенов.

Google on Wednesday released updates to address four security issues in its Chrome web browser, including one for which it said there exists an exploit in the wild. The high-severity vulnerability, tracked as CVE-2025-4664 (CVSS score: 4.3), has been characterized as a case of insufficient policy enforcement in a component called Loader. "Insufficient policy enforcement in Loader in Google

A vulnerability classified as problematic was found in Huawei HarmonyOS. Affected by this vulnerability is an unknown functionality of the component Home Screen Module. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2022-41588. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Chamilo 1.11.16. This affects an unknown part of the component Big File Upload Handler. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2022-42029. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as critical was found in Peergos 1.1.0. This vulnerability affects the function getDocumentBuilder of the component WebDav Servlet. The manipulation leads to xml external entity reference. This vulnerability was named CVE-2025-4639. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Palo Alto Cloud NGFW and PAN-OS up to 6.3.2. Affected is an unknown function of the component Management Web Interface. The manipulation leads to improper neutralization of script in attributes in a web page. This vulnerability is traded as CVE-2025-0137. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Palo Alto Cortex XDR Broker VM up to 26.0.118. It has been classified as critical. This affects an unknown part. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2025-0132. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Palo Alto GlobalProtect App and GlobalProtect UWP App up to 6.0.0/6.1.0/6.2.7/6.3.2 on macOS. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect privilege assignment. This vulnerability is known as CVE-2025-0135. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in I-O DATA DEVICE HDL-TC1, HDL-TC500, HDL-T1NV, HDL-T1WH, HDL-T2NV, HDL-T2WH, HDL-T3NV and HDL-T3WH up to 1.21. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-32002. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in I-O DATA DEVICE HDL-TC1, HDL-TC500, HDL-T1NV, HDL-T1WH, HDL-T2NV, HDL-T2WH, HDL-T3NV and HDL-T3WH up to 1.21. It has been rated as critical. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-32738. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in TECNO com.transsion.aivoiceassistant 4.1.1.014. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cleartext storage of sensitive information. This vulnerability is traded as CVE-2025-4737. Attacking locally is a requirement. There is no exploit available.

Ransomware has evolved into a deceptive, highly coordinated and dangerously sophisticated threat capable of crippling organizations of any size. Cybercriminals now exploit even legitimate IT tools to infiltrate networks and launch ransomware attacks. In a chilling example, Microsoft recently disclosed how threat actors misused its Quick Assist remote assistance tool to deploy the destructive

Police in Europe have shut down a fake online trading platform that scammed hundreds of victims out of…

攻击模式大变天！360独家解析4月勒索软件流行态势