【安全圈】欧洲多座机场运营受阻,欧盟委会称网络攻击非“大规模”
关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月,某国际时尚品牌被曝数据泄露,其中国公司
Aggregator
【安全圈】央视起底开盒挂人黑产:百万粉丝主播遭威胁,6 人半年“开盒”800 余人获刑
9 months ago
关键词违反网络安全法一、上海某跨国公司违规出境用户信息案2025年5月,某国际时尚品牌被曝数据泄露,其中国公司
Ему 19 лет, а на счету — сотни атак и вымогательства на миллионы: лицо Scattered Spider рассекречено
9 months ago
Подросток-хакер из Лондона попался на заказе пиццы.
DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams
9 months ago
Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a known malware called BeaverTail and InvisibleFerret.
"The threat actor used ClickFix lures to target marketing and trader roles in cryptocurrency and retail sector organizations rather than targeting software development roles," GitLab
The Hacker News
CVE-2025-10817 | Campcodes Online Learning Management System 1.0 /admin/admin_user.php firstname sql injection
9 months ago
A vulnerability labeled as critical has been found in Campcodes Online Learning Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_user.php. Executing manipulation of the argument firstname can lead to sql injection.
The identification of this vulnerability is CVE-2025-10817. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-10816 | Jinher OA 2.0 XML ?text=GetUrl&style=add xml external entity reference
9 months ago
A vulnerability identified as problematic has been detected in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference.
This vulnerability was named CVE-2025-10816. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
Submit #655023: phpgurukul Daily Expense Tracker System V1.1 SQL Injection [Duplicate]
9 months ago
Submit #655023 / VDB-309038
names
Submit #654545: campcodes Online Learning Management System V1.0 SQL injection [Accepted]
9 months ago
Submit #654545 / VDB-325175
Liu Feng
Submit #654466: Jinher OA V2.0 XML External Entity Reference [Accepted]
9 months ago
Submit #654466 / VDB-325174
lanyuejian
大模型攻击与传统攻击的进化图谱(二)
9 months ago
针对大模型的攻击并非总是直接破坏其内部结构或窃取数据,一种更为普遍且隐蔽的威胁来自于对其核心功能的滥用。攻击者可能并不试图“攻破”模型本身,而是将其强大的生成和理解能力作为工具,用于执行大规模的恶意或非预期活动。这种滥用直接利用了模型按设计提供的服务,但其目的却与良性应用背道而驰
CVE-2025-10815 | Tenda AC20 up to 16.03.08.12 HTTP POST Request /goform/SetPptpServerCfg strcpy startIp buffer overflow
9 months ago
A vulnerability categorized as critical has been discovered in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow.
This vulnerability is uniquely identified as CVE-2025-10815. The attack can be launched remotely. Moreover, an exploit is present.
vuldb.com
利用内核驱动实现安全软件进程终止技术研究
9 months ago
通过ZwTerminateProcess等内核API实现对360、火绒、Defender等安全软件进程的强制终止。
MetaCRM7-代码审计
9 months ago
有幸拿到了MetaCRM的源码,并且今年hw也爆出过很多洞了,简单看一下爆出来的漏洞
Submit #654460: tenda AC20 <= V16.03.08.12 (latest) Buffer Overflow [Accepted]
9 months ago
Submit #654460 / VDB-325173
Juana_2u
CVE-2025-10814 | D-Link DIR-823X 240126/240802/250416 /usr/sbin/goahead port command injection
9 months ago
A vulnerability was found in D-Link DIR-823X 240126/240802/250416. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/goahead. This manipulation of the argument port causes command injection.
This vulnerability is handled as CVE-2025-10814. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
CVE-2025-10813 | code-projects Hostel Management System 1.0 index.php Home sql injection
9 months ago
A vulnerability was found in code-projects Hostel Management System 1.0. It has been declared as critical. Affected is an unknown function of the file /justines/admin/mod_reports/index.php. The manipulation of the argument Home results in sql injection.
This vulnerability is known as CVE-2025-10813. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
CVE-2025-10812 | code-projects Hostel Management System 1.0 index.php?view=view ID sql injection
9 months ago
A vulnerability was found in code-projects Hostel Management System 1.0. It has been classified as critical. This impacts an unknown function of the file /justines/admin/mod_amenities/index.php?view=view. The manipulation of the argument ID leads to sql injection.
This vulnerability is traded as CVE-2025-10812. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-10811 | code-projects Hostel Management System 1.0 index.php?view=view ID sql injection
9 months ago
A vulnerability was found in code-projects Hostel Management System 1.0 and classified as critical. This affects an unknown function of the file /justines/admin/mod_comments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection.
This vulnerability appears as CVE-2025-10811. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
Submit #654452: Dlink DIR-823x DIR-823x 250416, 240802, 240126 Command Injection [Accepted]
9 months ago
Submit #654452 / VDB-325172
wxy666
CVE-2025-10810 | Campcodes Online Learning Management System 1.0 /admin/edit_user.php firstname sql injection
9 months ago
A vulnerability has been found in Campcodes Online Learning Management System 1.0 and classified as critical. The impacted element is an unknown function of the file /admin/edit_user.php. Performing manipulation of the argument firstname results in sql injection.
This vulnerability is reported as CVE-2025-10810. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com