Aggregator

A vulnerability classified as problematic has been found in hailey888 oa_system. This affects an unknown part of the file /mail/MailController.java. The manipulation of the argument Password leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-29689. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

На серверы уже загружены шеллы, а дальше — только хуже.

Вместо того чтобы наращивать кластеры, они научили ИИ думать компактно… и удвоили результат.

在印巴冲突以来，印度要求 X/Twitter 在其境内屏蔽逾 8000 个账号。它给出的一个理由是这些账号传播了与冲突相关的虚假信息。印度的 X 用户将无法访问被屏蔽账号的内容，但其他地区的用户能正常浏览。被屏蔽的账号包括了知名的媒体，其中包括了新华社、环球时报等中国媒体。印巴双方已于 5 月 10 日达成停火协议，但相关账号仍然处于封禁状态。

微软官方发布5月安全更新，请及时安装补丁修复。

A vulnerability was found in TECNO com.transsion.aivoiceassistant 4.1.1.014. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cleartext storage of sensitive information. This vulnerability is traded as CVE-2025-4737. Attacking locally is a requirement. There is no exploit available.

X/Twitter 用户经常会 @Grok，询问 xAI 的聊天机器人对各种话题的看法。然而从本周三开始，马斯克（Elon Musk）的 AI 似乎也嗨了，对任何话题都以南非“白人种族灭绝”进行回应。Grok 喋喋不休地的将任何话题都转向南非“白人种族灭绝”以及相关歌曲《Kill the Boer》，它拒绝讨论其他话题。Grok 对该话题的观点几乎与马斯克完全一致，其训练材料可能就来自 X。

A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument subnet leads to command injection. The identification of this vulnerability is CVE-2025-4747. The attack may be initiated remotely. Furthermore, there is an exploit available.

Google has released emergency security updates to patch a high-severity Chrome vulnerability that has a public exploit and can let attackers hijack accounts. [...]

Пока вы подбираете шрифт, вредоносный код уже забирает права администратора.

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/purchase_delete.php. The manipulation of the argument pr_id leads to sql injection. This vulnerability was named CVE-2025-4746. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #571035 / VDB-309047

ИИ захватил поиск и заменил ответы на догадки… но этот алгоритм обещает всё исправить.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

近日，微软官方发布了多个安全漏洞的公告，其中微软产品本身漏洞76个，影响到微软产品的其他厂商漏洞0个。

近日，国家信息安全漏洞库（CNNVD）收到关于Fortinet多款产品安全漏洞（CNNVD-202505-1780、CVE-2025-32756）情况的报送。

Submit #571020 / VDB-309046

A vulnerability, which was classified as problematic, was found in code-projects Employee Record System 1.0. This affects an unknown part of the file current_employees.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-4745. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in code-projects Employee Record System 1.0. Affected by this issue is some unknown functionality of the file dashboard\edit_employee.php. The manipulation of the argument employeed_id/first_name/middle_name/last_name leads to cross site scripting. This vulnerability is handled as CVE-2025-4744. The attack may be launched remotely. Furthermore, there is an exploit available.