Aggregator

Submit #595473 / VDB-313302

Submit #595373 / VDB-313301

Submit #595366 / VDB-313300

Когда облако решает, кому жить, а кому «нарушил политику».

Submit #595364 / VDB-306696

A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. This affects an unknown part of the file /boa/formWSC. The manipulation of the argument targetAPSsid leads to os command injection. This vulnerability is uniquely identified as CVE-2025-6299. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

最近，Mandiant将ShinyHunters与最近针对Salesforce账户的活动联系起来，威胁者侵入账户窃取客户数据并勒索公司。

随着政务云、大数据、人工智能等技术的广泛应用，政务系统面临的威胁日益复杂，传统的合规性安全建设已无法满足动态防御需求。政务行业正逐步转向“主动防御、智能响应、持续运营”为主的安全体系，通过零信任架构、威胁情报、AI驱动的安全分析等技术，构建更弹性、更智能的安全防护能力。 嘶吼安全产业研究院基于2025网络安全产业图谱调研，通过对400+典型解决方案与案例的深度分析，从需求匹配度、实践成效、创新技术、应用价值等多维度展开综合评估。 调研分析发现，当前政务行业的安全建设呈现出几点显著特征：在需求层面，正从"合规达标"向"实战有效"转变。过去政务安全主要围绕等保2.0等合规要求展开，如今更关注攻击防御效果、业务连续性保障等实际能力。在技术层面，AI与安全的深度融合成为关键驱动力，机器学习、自动化响应等技术正大幅提升防护效能。在服务模式上，安全即服务的创新模式正在赋能中小政务机构实现专业化防护。 基于这些发现，我们将重点展示几个具有代表性的优秀安全解决方案，为政务行业的安全建设提供可借鉴的实践经验。 PS：解决方案展示排名不分先后，按企业简称首字母排序。

Submit #594650 / VDB-313299

A newly disclosed vulnerability in Cisco’s AnyConnect VPN implementation for Meraki MX and Z Series devices poses a significant risk to enterprise networks, enabling unauthenticated attackers to disrupt remote access by triggering denial-of-service (DoS) conditions. The flaw, tracked as CVE-2025-20271, carries a high CVSS score of 8.6, underscoring its potential to impact organizations that rely […]

The post Cisco AnyConnect VPN Flaw Allows Attackers to Launch DoS Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in code-projects Hostel Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /empty_rooms.php. The manipulation of the argument search_box leads to sql injection. This vulnerability is handled as CVE-2025-6296. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Hostel Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /allocated_rooms.php. The manipulation of the argument search_box leads to sql injection. This vulnerability is known as CVE-2025-6295. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact.php. The manipulation of the argument hostel_name leads to sql injection. This vulnerability is traded as CVE-2025-6294. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /contact_manager.php. The manipulation of the argument student_roll_no leads to sql injection. The identification of this vulnerability is CVE-2025-6293. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-6292. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-6291. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Пока ты читаешь это, Telegram заливает сеть фальшивыми ракетами.

Submit #594016 / VDB-313298

Submit #593998 / VDB-313297

Submit #593997 / VDB-313296