Aggregator

Вы верите в один текст. Но на каждое слово — по 4 версии.

A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.boquanhash.dotwallet. The manipulation leads to improper export of android application components. This vulnerability is handled as CVE-2025-8524. The attack needs to be approached locally. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in RiderLike Fruit Crush-Brain App 1.0 on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.fruitcrush.fun. The manipulation leads to improper export of android application components. This vulnerability is known as CVE-2025-8523. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #619037 / VDB-318650

A severe security vulnerability in the widely-used Squid HTTP proxy has been disclosed, potentially exposing millions of systems to remote code execution attacks. The flaw, designated as CVE-2025-54574 and SQUID-2025:1, represents a critical buffer overflow vulnerability in the software’s URN handling mechanism that could allow attackers to execute arbitrary code on affected systems. Vulnerability Details […]

The post Critical Squid Flaw Allows Remote Code Execution by Attackers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #619035 / VDB-318649

A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. This vulnerability is traded as CVE-2025-8522. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5. This issue affects some unknown processing of the file /vadmin123/index.php?module=settings/post-types of the component Add Type Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-8521. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in givanz Vvveb up to 1.0.5. This vulnerability affects unknown code of the file /vadmin123/?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to server-side request forgery. This vulnerability was named CVE-2025-8520. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-8519. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. This vulnerability is handled as CVE-2025-8518. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. This vulnerability is known as CVE-2025-8517. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Submit #616993 / VDB-318648

Submit #625003 / VDB-318647

Submit #624973 / VDB-318646

Submit #624972 / VDB-318645

Submit #624971 / VDB-318644

Submit #623135 / VDB-318643

The cybersecurity landscape continues to evolve as threat actors develop increasingly sophisticated methods to compromise Windows systems. A new ransomware variant known as Interlock has emerged as a significant threat, leveraging the deceptive ClickFix social engineering technique to execute malicious commands on victim machines. This malware represents a concerning evolution in ransomware deployment tactics, combining […]

The post Interlock Ransomware Employs ClickFix Technique to Run Malicious Commands on Windows Machines appeared first on Cyber Security News.

研究人员分析了古人类牙齿化石中的碳和氧同位素。这些同位素是人类食用禾本科植物后留下的。结果发现，古人类远在其牙齿进化到能有效咀嚼这些植物之前，就开始倾向于食用它们。直到 70 万年后，古人类才长出能轻松咀嚼坚韧植物纤维的较长臼齿。这些发现表明，早期人类的成功得益于在身体受限的情况下适应新环境的能力。人类学家一般认为行为和形态是同步进化的。但最新研究发现，行为可以成为一股推动进化的力量，对形态和饮食轨迹产生重大影响。