A vulnerability labeled as problematic has been found in Zoho ManageEngine Exchange Reporter Plus up to 5722. This issue affects some unknown processing of the component Folder-wise Read Mail Handler. Such manipulation leads to cross-site scripting.
This vulnerability is listed as CVE-2025-5366. The attack may be performed remotely. There is no available exploit.
A vulnerability marked as problematic has been reported in Zoho ManageEngine Exchange Reporter Plus up to 5722. Impacted is an unknown function of the component Filename Keyword Report. Performing manipulation results in cross-site scripting.
This vulnerability is cataloged as CVE-2025-5966. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability was found in code-projects Simple Shopping Cart 1.0. It has been classified as critical. This affects an unknown part of the file /userlogin.php. The manipulation of the argument user_email leads to SQL injection.
This vulnerability is uniquely identified as CVE-2025-7608. The attack can be carried out remotely. Moreover, an exploit is present.
A vulnerability was found in code-projects Electricity Billing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/change_password.php. This manipulation of the argument new_password causes SQL injection.
The identification of this vulnerability is CVE-2025-7610. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
A vulnerability identified as problematic has been detected in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity.
The identification of this vulnerability is CVE-2025-6493. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
You should upgrade the affected component.
Not all code samples mentioned in the GitHub issue can be found. The repository mentions that "CodeMirror 6 exists, and is [...] much more actively maintained."
A vulnerability has been found in code-projects Job Diary 1.0 and classified as critical. This affects an unknown function of the file /view-all.php. This manipulation of the argument ID causes SQL injection.
This vulnerability is handled as CVE-2025-7593. The attack can be initiated remotely. Additionally, an exploit exists.
A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. This impacts an unknown function of the file /view-emp.php. Such manipulation of the argument ID leads to SQL injection.
This vulnerability is uniquely identified as CVE-2025-7594. The attack can be launched remotely. Moreover, an exploit is present.
A vulnerability labeled as critical has been found in PHPGurukul Online Fire Reporting System 1.2. The affected element is an unknown function of the file /admin/bwdates-report-result.php. Such manipulation of the argument fromdate/todate leads to SQL injection.
This vulnerability is documented as CVE-2025-7559. The attack can be executed remotely. Additionally, an exploit exists.
A vulnerability was found in Zoho ManageEngine Exchange Reporter Plus up to 5721. It has been declared as critical. This vulnerability affects unknown code of the component Content Search Module. The manipulation results in unrestricted upload.
This vulnerability was named CVE-2025-3835. The attack may be performed remotely. There is no available exploit.
It is recommended to upgrade the affected component.
A vulnerability marked as problematic has been reported in Mattermost up to 9.11.11/10.4.4/10.5.2/10.6.1. Impacted is an unknown function of the component API. This manipulation causes incorrect authorization.
This vulnerability is handled as CVE-2025-3446. The attack can be initiated remotely. No exploit is available.
It is suggested to upgrade the affected component.
A vulnerability was found in Mattermost up to 9.11.10/10.4.2/10.5.0. It has been declared as problematic. The impacted element is an unknown function of the file /plugins/playbooks/api/v0/signal/keywords/ignore-thread of the component API Endpoint. The manipulation results in incorrect authorization.
This vulnerability is known as CVE-2025-41423. It is possible to launch the attack remotely. No exploit is available.
It is recommended to upgrade the affected component.
Carmaker Anticipates Phased Restart of Production
The British government will guarantee a 1.5 billion pound loan to Jaguar Land Rover as the embattled carmaker grapples with the fallout of a September cyberattack that froze production and sales across the globe. The government-backed loan shows the hack endangered "national economic security."
Cognex Says It Won't Patch Flaws
Nearly a dozen serious vulnerabilities in a Cognex industrial smart camera will go without a patch because the company says the model is "too old to merit a fix." Industrial security firm Nozomi Networks uncovered nine flaws during a security assessment.
2024 Cyberattack Was One of Several on Other Blood Suppliers in US, UK
OneBlood, which provides blood supplies to 250 hospitals in Florida, Georgia and the Carolinas, will pay $1 million to settle proposed class action litigation filed against the non-profit entity in the wake of a 2024 ransomware attack that compromised the information of nearly 170,000 individuals.
Global Cyber Agencies Call for Exhaustive OT Inventories to Combat Threats
Global cyber agencies are urging critical infrastructure owners and operators to maintain "definitive records" of their complex operational technology environments, calling for exhaustive asset visibility as regulators shift toward prescriptive mandates to counter escalating threats.