Aggregator

A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_avaliacao_desempenho_cad.php. The manipulation of the argument titulo_avaliacao/descricao leads to cross site scripting. This vulnerability is known as CVE-2025-8508. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Woffice Core Plugin up to 5.4.26 on WordPress and classified as problematic. Affected by this issue is the function woffice_file_manager_delete. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-7694. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Alpine iLX-507 6.0.000. Affected is the function UPDM_wstpCBCUpdStart. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-8473. It is possible to launch the attack on the physical device. There is no exploit available.

Standoff 16 соберёт атакующих и защитников из разных стран.

Security researchers have discovered a critical vulnerability in Fortinet’s FortiSIEM platform that enables remote attackers to execute unauthorized commands without authentication. The flaw, tracked as CVE-2025-25256, has achieved a maximum CVSS score of 9.8 and poses an immediate threat to organizations worldwide as practical exploit code has already been discovered circulating in the wild. Vulnerability […]

The post Critical FortiSIEM Vulnerability Allows Attackers to Execute Malicious Commands, PoC Found in the Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in Insyde H2O. Affected is an unknown function of the component SetupUtility. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2025-4410. The attack needs to be approached locally. There is no exploit available.

亚马逊成功发射24颗Kuiper互联网卫星，使其在轨数量达到102颗。为满足FCC要求，亚马逊计划于2029年前完成3236颗卫星发射，并已与各国政府签约，计划今年晚些时候开始商业服务。

在因天气原因四次推迟发射之后，亚马逊使用 SpaceX Falcon 9 火箭发射了 24 颗 Kuiper 互联网卫星，Kuiper 卫星星座在轨数量达到了 102 颗。SpaceX 是目前最大的低地球轨道卫星互联网提供商，其 Starlink 卫星星座总数约 8000 颗，在全世界有 500 万用户。为遵守 FCC(联邦通信委员会) 设定的最后期限，亚马逊正在加快发射 Kuiper 卫星。FCC 要求亚马逊到 2026 年 7 月底发射 1600 颗卫星，到 2029 年 7 月底完成 3236 颗卫星的发射。亚马逊从不同火箭公司预定了多达 83 次发射合同，其中三次是与竞争对手 SpaceX。虽然该公司的卫星星座处于早期阶段，亚马逊已经与各国政府签署了协议，希望今年晚些时候开始提供商业服务。

A vulnerability was found in Insyde H2O up to 05.71.20. It has been rated as critical. This issue affects the function Tcg2Smm. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2025-4277. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

The Apricorn Aegis NVX is a hardware-based 256-Bit AES XTS external SSD drive with integrated USB-C cable. Its storage capacities range from 500GB to 2TB. The device is OS free and cross-platform compatible. Design and build The drive comes with a compact carry case, a USB-C to USB-A adapter, and a quick start guide. It is enclosed in aircraft-grade aluminum alloy and sealed with tamper-resistant, tamper-evident uni-directional breakaway security fasteners that are driven and cemented … More →

The post Product showcase: Apricorn Aegis NVX, a high-security, portable SSD appeared first on Help Net Security.

A vulnerability was found in Insyde H2O up to 05.39.17/05.47.17/05.55.17/05.62.17/05.71.17. It has been declared as critical. This vulnerability affects unknown code of the component UsbCoreDxe. The manipulation leads to improper input validation. This vulnerability was named CVE-2025-4276. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as problematic. This affects an unknown part of the component V8. The manipulation leads to race condition. This vulnerability is uniquely identified as CVE-2025-8880. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Substance3D Stager up to 3.1.3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-54222. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Dimension up to 4.1.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-54238. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Adobe Framemaker up to 2020.8/2022.6. Affected is an unknown function of the component File Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-54233. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Adobe Framemaker up to 2020.8/2022.6. This issue affects some unknown processing of the component File Handler. The manipulation leads to use after free. The identification of this vulnerability is CVE-2025-54232. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Adobe Framemaker up to 2020.8/2022.6. This vulnerability affects unknown code of the component File Handler. The manipulation leads to use after free. This vulnerability was named CVE-2025-54231. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe Framemaker up to 2020.8/2022.6. This affects an unknown part of the component File Handler. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-54229. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

FreeBuf甲方群围绕数据安全展开讨论，探讨蓝队溯源反制、高频告警处理及红队入侵应急响应等问题，并分享了通过日志分析、蜜罐部署、自动化工具等手段提升防御能力的经验。

A vulnerability was found in Adobe Framemaker up to 2020.8/2022.6. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-54230. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.