Submit #641127: mrvautin https://github.com/mrvautin/expressCart <=1.0.0 Frame Injection [Accepted]
Submit #641127 / VDB-322112
Aggregator
Docker Desktop逃逸漏洞(CVE-2025-9074)分析报告
2 months ago
本文是对Docker Desktop逃逸漏洞(CVE-2025-9074)的简要分析。
CVE-2025-9795 | xujeff tianti 天梯 up to 2.3 UploadController.java ajaxUploadFile upfile unrestricted upload (Issue 43 / EUVD-2025-26359)
2 months ago
A vulnerability marked as critical has been reported in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload.
This vulnerability is traded as CVE-2025-9795. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #641125: thinkgem https://github.com/thinkgem/jeesite5 <=v5.12.1 XSS [Accepted]
2 months ago
Submit #641125 / VDB-322111
ZAST.AI
CVE-2025-9794 | Campcodes Computer Sales and Inventory System 1.0 pos_transac.php?action=add cash/firstname sql injection (EUVD-2025-26360)
2 months ago
A vulnerability labeled as critical has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection.
This vulnerability appears as CVE-2025-9794. The attack may be performed from remote. In addition, an exploit is available.
Other parameters might be affected as well.
vuldb.com
Submit #641122: xujeff https://github.com/xujeff/tianti <=2.3 Dangerous type of file upload (CWE-434) [Accepted]
2 months ago
Submit #641122 / VDB-322110
ZAST.AI
AI Agent祛魅之路
2 months ago
Galaxy Kylin: эта ОС умеет то, что не может Windows — безвозвратно стирает компромат
2 months ago
Пекин выпустил операционку для цифровой независимости.
Submit #642559: Campcodes Computer Sales and Inventory System V1.0 SQL Injection [Duplicate]
2 months ago
Submit #642559 / VDB-322109
suuuu
Submit #641103: Campcodes Computer Sales and Inventory System V1.0 SQL Injection [Accepted]
2 months ago
Submit #641103 / VDB-322109
Noney
Hackers Exploit Email Marketing Platforms to Deliver Hidden Malware
2 months ago
In recent months, Trustwave SpiderLabs—a LevelBlue company renowned for its threat intelligence and incident response services—has observed a marked uptick in phishing campaigns that leverage legitimate email marketing platforms to cloak malicious links. By hijacking established infrastructure and URL redirectors, attackers are evading traditional defenses and duping recipients into divulging sensitive information. To combat these […]
The post Hackers Exploit Email Marketing Platforms to Deliver Hidden Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Mayura Kathir
Critical Next.js Flaw Lets Attackers Bypass Authorization Controls
2 months ago
A newly disclosed critical vulnerability in the Next.js framework, tracked as CVE-2025-29927, allows unauthenticated attackers to bypass middleware-based authorization checks by exploiting improper handling of the x-middleware-subrequest HTTP header. This flaw impacts all versions of Next.js that rely on this header to differentiate between internal subrequests and external traffic, risking exposure of protected routes and administrative interfaces. […]
The post Critical Next.js Flaw Lets Attackers Bypass Authorization Controls appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Divya
Amazon Disrupts Russian APT29 Watering Hole Targeting Microsoft Authentication
2 months ago
Amazon has disrupted a Russian APT29 watering hole campaign that used compromised sites to target Microsoft authentication with…
Waqas
Top 10 Cybersecurity Companies in United States (2025 Ranking)
2 months ago
Cyberattacks in the United States aren’t slowing down. From billion-dollar ransomware hits to stealthy supply chain breaches, every month brings a new headline. And the cost is staggering. The average...
The post Top 10 Cybersecurity Companies in United States (2025 Ranking) appeared first on Strobes Security.
The post Top 10 Cybersecurity Companies in United States (2025 Ranking) appeared first on Security Boulevard.
Shubham Jha
【安全圈】YouTuber 协助破获 6500 万美元国际诈骗团伙,主要受害者为美国老年人
2 months ago
关键词网络诈骗一对 YouTube 搞笑博主与反诈骗内容创作者协助美国执法部门,成功摧毁了一个跨国诈骗网络。
【安全圈】美荷联手查封 VerifTools 虚假身份黑市,运营者迅速换域名重生
2 months ago
关键词网络犯罪美国与荷兰执法部门联合宣布,已成功查封 VerifTools ——一个向全球网络犯罪分子兜售伪造
【安全圈】马斯克证实:xAI 整个代码库被盗,前华人工程师承认不当行为并跳槽 OpenAI
2 months ago
【安全圈】重大安全漏洞曝光,WhatsApp与Apple紧急发布补丁
2 months ago
关键词安全漏洞WhatsApp 已修复其 iOS 与 macOS 应用中的一处严重安全漏洞,该漏洞已被黑客在野
Desolator
2 months ago
You must login to view this content
cohenido
Главная угроза ИИ — не код, а психология. Хакеры будущего будут вооружены не эксплойтами, а трудами Роберта Чалдини
2 months ago
ChatGPT нарушает запреты под действием поведенческих триггеров.