Aggregator

A vulnerability classified as problematic has been found in binary-husky gpt_academic up to 3.9.0. This affects an unknown part of the file debug_log.html of the component Latex Proof-Reading Module. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-0183. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Vaelsys 4.1.0 and classified as critical. This issue affects some unknown processing of the file /grid/vgrid_server.php of the component User Creation Handler. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-8261. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in JetBrains TeamCity and classified as problematic. Affected by this issue is some unknown functionality of the component GitHub App Connection Flow. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-54528. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Vaelsys 4.1.0 and classified as problematic. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component MD4 Hash Handler. The manipulation of the argument xajaxargs leads to use of weak hash. This vulnerability was named CVE-2025-8260. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/SetFirewallCfg of the component Packet Handler. The manipulation of the argument firewallEn leads to denial of service. This vulnerability is handled as CVE-2025-29358. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been classified as problematic. This affects an unknown part of the file /goform/saveParentControlInfo of the component Packet Handler. The manipulation of the argument deviceId leads to denial of service. This vulnerability is uniquely identified as CVE-2025-29359. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tenda RX3 16.03.13.11_multi_TDE01. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/SetSysTimeCfg of the component Packet Handler. The manipulation of the argument timeZone leads to denial of service. This vulnerability was named CVE-2025-29360. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in URI Gem up to 0.11.2/0.12.3/0.13.1/1.0.2 on Ruby. It has been rated as problematic. Affected by this issue is the function URI.join/URI#merge/URI#+. The manipulation leads to improper removal of sensitive information before storage or transfer. This vulnerability is handled as CVE-2025-27221. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

文章介绍了一种无需编码的简单技巧，在15分钟内通过输入奇怪邮件地址赚取500美元漏洞赏金的方法，揭示了开发者常忽略客户端验证的漏洞。

文章介绍了一种简单高效的漏洞赏金获取方法：通过在网站注册表中输入特殊格式的电子邮件地址，利用开发者对客户端验证的疏忽，在15分钟内轻松获得$500奖励。这种方法无需编码知识，适合所有人尝试。

Aditya Sunny发现Linktree存在输入验证绕过漏洞，允许注册带前导空格的用户名。此漏洞可导致身份冒充、钓鱼攻击及信任滥用，在移动端尤为隐蔽。建议Linktree加强后端输入清理及服务器端验证以修复问题。

一位黑客在浏览Facebook广告时发现了一个隐藏的Open Redirect漏洞，并利用它发现了反射型XSS（rXSS）漏洞，在HackerOne上获得了1000美元奖励。整个过程仅耗时8分钟。该漏洞存在于流媒体平台Showmax的安全项目中，该项目已6个月未有报告。

JSON Web Token (JWT) 是一种基于 JSON 的令牌格式，用于身份验证和授权。它由三部分组成：头部（包含元数据）、载荷（包含声明）和签名（用于验证）。广泛应用于 Web 开发中以安全传输信息。

本文描述了Hack The Box平台上的Headless靶机渗透过程,包括添加hosts文件、使用nmap扫描开放端口,发现SSH和HTTP服务,并获取相关服务版本信息等初始步骤。

当前环境异常，需完成验证后方可继续访问。

​总体来说，技术、钱、人，都透着兴奋。

Here’s a look at the most interesting products from the past month, featuring releases from: Akeyless, At-Bay, Barracuda Networks, Bitdefender, Cynomi, Darwinium, DigitalOcean, Immersive, Lepide, Malwarebytes, ManageEngine, NETSCOUT, PlexTrac, Scamnetic, Seemplicity, Socure, StealthCores, Stellar Cyber, Tosibox, Tracer AI, and Zenni Optical. Darwinium launches AI tools to detect and disrupt adversarial threats Darwinium has announced Beagle and Copilot, two new agentic AI features that simulate adversarial attacks, surface hidden vulnerabilities, and dynamically optimize fraud defenses. As … More →

The post Infosec products of the month: July 2025 appeared first on Help Net Security.

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

黑客利用SAP NetWeaver漏洞CVE-2025-31324部署Linux Auto-Color恶意软件。该恶意软件具备高级躲避机制，在无法连接C2服务器时抑制行为以避免检测，并可执行远程访问、文件修改等操作。SAP已修复漏洞，管理员需及时更新以应对威胁。

作为核心共建单位之一， vivo副总裁周围受邀出席论坛并参与平台发布仪式。