Aggregator

A vulnerability was found in D-Link DI-8400 16.07.26A1. It has been classified as problematic. This affects an unknown part of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument share_enable leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-8175. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Model Context Protocol (MCP) 正迅速成为连接 AI 代理与数据源、工具、服务的标准通信协议，MCP 带来的安全漏洞也在显现，对 agentic AI 系统构成独特威胁。

当前环境出现异常状态,需完成验证操作后方可继续访问。

Apple发布iOS 26等系统公开测试版，引入液态玻璃设计风格，优化锁屏界面并支持3D效果与动态背景。主屏幕和小组件布局更灵活，Safari浏览器采用沉浸式设计。相机应用UI重构，照片功能升级。底部横条存在感降低。新增实时翻译、游戏聚合应用及电池续航优化等功能。

虚拟化逃逸 Windows 内核提权

A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. This vulnerability is handled as CVE-2025-8174. The attack may be launched remotely. Furthermore, there is an exploit available.

本期404星链计划新收录的2个优质项目分别是WeaponizedVSCode和QScan。

当前环境出现异常问题,需完成验证后才能继续访问,并提供了"去验证"和"返回"两个操作选项。

当前环境异常，需完成验证后方可继续访问。

Submit #621708 / VDB-317589

A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php. The manipulation of the argument reciver_name leads to sql injection. This vulnerability is known as CVE-2025-8173. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #621586 / VDB-317588

Submit #621527 / VDB-313827

A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. This vulnerability is traded as CVE-2025-8172. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #621508 / VDB-317587

Chennai, India, July 25th, 2025, CyberNewsWire xonPlus, a real-time digital risk alerting system, officially launches today to help security teams detect credential exposures before attackers exploit them. The platform detects data breaches and alerts teams and systems to respond instantly. Built by the team behind XposedOrNot, an open-source breach detection tool used by thousands, xonPlus […]

The post xonPlus Launches Real-Time Breach Alerting Platform For Enterprise Credential Exposure appeared first on Cyber Security News.

CasaOS 是一个简化开源项目部署的在线应用平台，支持一键安装 135 个常用工具如 Calibre、Emby 等，并提供直观界面和应用商店管理功能。

Microsoft has issued urgent warnings about active exploitation of critical SharePoint vulnerabilities CVE-2025-53770 and CVE-2025-53771 by multiple threat actors, including the China-based group Storm-2603, which has been deploying Warlock ransomware in compromised environments.  The vulnerabilities affect on-premises SharePoint Server 2016, 2019, and Subscription Edition, with exploitation attempts observed as early as July 7, 2025. Key […]

The post Hackers Exploiting Sharepoint 0-day Vulnerability to Deploy Warlock Ransomware appeared first on Cyber Security News.