Aggregator

看雪论坛作者ID：flyyyy

AI Agent的引入，标志着企业知识管理从被动查询迈入主动服务、智能执行的新阶段！

Submit #619279 / VDB-317099

A vulnerability was found in cpCommerce up to 1.0.9a. It has been rated as critical. This issue affects some unknown processing of the file manufacturer.php. The manipulation of the argument id_manufacturer leads to sql injection. The identification of this vulnerability is CVE-2007-2959. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Миллиарды корпоративных файлов перекочевали в даркнет из-за CVE-2025-54309.

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

A vulnerability, which was classified as problematic, has been found in Gutentor Plugin up to 3.4.8 on WordPress. This issue affects some unknown processing of the component Widget. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-4685. The attack may be initiated remotely. There is no exploit available.

Get Q2 2025 Report Based on real data from 15,000+ global SOC teams. Top malware types, families, and APTs Changes in threat landscape since Q1 2025 What SOC teams need to focus on Opt in to receive news, updates, and promotions. Get free report Loading… A copy of the report has been sent to your […]

The post Malware Trends Report, Q2 2025: Know the Key Risks to Your Business appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability was found in actions toolkit up to 2.1.6. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-42471. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. This vulnerability was named CVE-2025-7952. The attack can be initiated remotely. Furthermore, there is an exploit available.

2025年07月14日-2025年07月20日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。国家

速速上车！

A vulnerability classified as problematic has been found in code-projects Public Chat Room 1.0. This affects an unknown part of the file /send_message.php. The manipulation of the argument chat_msg/your_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-7951. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

2019 年离婚、自新冠疫情以来基本上一直住在游轮上的 Valve 联合创始人 Gabe Newell 罕见的接受了一位 YouTube 主播 Zalkar Saliev 的采访，谈论了他的个人生活。62 岁的 Newell 称他在卧室工作一周工作七天。他说，自己起床、工作，潜水，然后再工作，再潜水或去健身，然后再继续工作。他说自己不是被迫加班，而是做自己感觉有趣的东西。他的工作内容包括了 AI、Steam、研究气溶胶病原体检测装置、脑机接口等等。他控制了 Valve 50.1% 的股份，净资产大约 100 亿美元。

A vulnerability was found in code-projects Public Chat Room 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. This vulnerability is handled as CVE-2025-7950. The attack may be launched remotely. Furthermore, there is an exploit available.

企业屡屡遭遇相同的安全漏洞，这些漏洞是什么？又该如何解决呢？

Submit #619319 / VDB-317098

上周关注度较高的产品安全漏洞(20250714-20250720)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞620个，其中高危漏洞272个、中危漏洞302个、低危漏洞46个。

0x01 前言 下午，一个老朋友发来一批资产让我找个有效漏洞，原因是厂商弄活动，提交有效漏洞可获取