Aggregator

CVE-2017-6087 | EyesOfNetwork up to 5.0 ged_functions.php acknowledge/delete/ownDisown selected_events[] code injection (EDB-41746 / BID-97109)

Vuldb Updates
1 month 1 week ago
A vulnerability classified as critical was found in EyesOfNetwork up to 5.0. This affects the function acknowledge/delete/ownDisown of the file module/monitoring_ged/ged_functions.php. Executing manipulation of the argument selected_events[] as part of Shell Metacharacter can lead to code injection. This vulnerability appears as CVE-2017-6087. The attack may be performed from a remote location. In addition, an exploit is available.
vuldb.com

CVE-2017-6088 | EyesOfNetwork up to 5.0 ged_functions.php bp_name/display/search/equipment/type sql injection (EDB-41747 / BID-97084)

Vuldb Updates
1 month 1 week ago
A vulnerability, which was classified as critical, has been found in EyesOfNetwork up to 5.0. This vulnerability affects unknown code of the file module/monitoring_ged/ged_functions.php. Performing manipulation of the argument bp_name/display/search/equipment/type results in sql injection. This vulnerability is reported as CVE-2017-6088. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com

CVE-2017-17616 | Event Search Script 1.0 /event-list city sql injection (ID 145306 / EDB-43279)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in Event Search Script 1.0. It has been declared as critical. This issue affects some unknown processing of the file /event-list. Executing manipulation of the argument city as part of Parameter can lead to sql injection. This vulnerability is registered as CVE-2017-17616. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

INC

Dark Feed IO
1 month 1 week ago

You must login to view this content

cohenido

美国将限制留学生和记者签证有效期

Solidot
1 month 1 week ago
美国国土安全部公布了事实上收紧对外国留学生和媒体人士发放签证的修正案。面向学生的“F”签证和面向参加文化交流项目研究人员等的“J”签证的有效期限一般最长可达 5 年。目前原则上可以在美国停留至毕业或项目结束,修正案将其缩短至 4 年。面向媒体人士的“I”签证目前期限为5年,之后可以多次申请延期。修正案将允许停留的期限定为 240 天,中国人则为 90 天。如果修正案成为现实,将对全世界产生广泛影响。美国国土安全部将在30天内接受公众意见。

CVE-2024-13986 | Nagios XI up to 2024R1.3.1 Config Snapshots Interface unrestricted upload (EUVD-2024-54929)

Vuldb Updates
1 month 1 week ago
A vulnerability classified as critical was found in Nagios XI up to 2024R1.3.1. The impacted element is an unknown function of the component Config Snapshots Interface. Executing manipulation can lead to unrestricted upload. This vulnerability is registered as CVE-2024-13986. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.
vuldb.com

Feds Seize $6.4M VerifTools Fake-ID Marketplace, but Operators Relaunch on New Domain

The Hackers News
1 month 1 week ago
Authorities from the Netherlands and the United States have announced the dismantling of an illicit marketplace called VerifTools that peddled fraudulent identity documents to cybercriminals across the world. To that end, two marketplace domains (verif[.]tools and veriftools[.]net) and one blog have been taken down, redirecting site visitors to a splash page stating the action was undertaken by
The Hacker News

PhpSpreadsheet Library Vulnerability Enables Attackers to Feed Malicious HTML Input

Cyber Security News
1 month 1 week ago

A high-severity Server-Side Request Forgery (SSRF) vulnerability has been identified in the widely used PhpSpreadsheet library, potentially allowing attackers to exploit internal network resources and compromise server security.  The vulnerability, tracked as CVE-2025-54370, affects multiple versions of the phpoffice/phpspreadsheet package and carries a CVSS v4.0 score of 8.7. Key Takeaways1. SSRF in PhpSpreadsheet’s Worksheet\Drawing::setPath via […]

The post PhpSpreadsheet Library Vulnerability Enables Attackers to Feed Malicious HTML Input appeared first on Cyber Security News.

Florence Nightingale

Nagios XSS Vulnerability Let Remote Attackers to Execute Arbitrary JavaScript

Cyber Security News
1 month 1 week ago

Nagios XI, a widely-deployed network monitoring solution, has addressed a critical cross-site scripting (XSS) vulnerability in its Graph Explorer feature that could enable remote attackers to execute malicious JavaScript code within users’ browsers.  The security flaw was patched in version 2024R2.1, released on August 12, 2025, following responsible disclosure by security researcher Marius Lihet. Key […]

The post Nagios XSS Vulnerability Let Remote Attackers to Execute Arbitrary JavaScript appeared first on Cyber Security News.

Florence Nightingale

New Mac Malware Dubbed ‘JSCoreRunner’ Weaponizing PDF Conversion Site to Deliver Malware

Cyber Security News
1 month 1 week ago

A sophisticated new Mac malware campaign has emerged, targeting users through a deceptive PDF conversion website that conceals a dangerous two-stage payload. The malware, dubbed “JSCoreRunner,” represents a significant evolution in macOS threats, demonstrating how cybercriminals are adapting their techniques to bypass Apple’s security measures while maintaining zero detection rates on major security platforms. The […]

The post New Mac Malware Dubbed ‘JSCoreRunner’ Weaponizing PDF Conversion Site to Deliver Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

基于优化推理的人工智能智能体漏洞注入与转换

Seebug Paper
1 month 1 week ago
作者:Amine Lbath, Massih-Reza Amini, Aurelien Delaitre, Vadim Okun 译者:知道创宇404实验室翻译组 原文链接:https://arxiv.org/html/2508.20866v1 摘要 软件系统复杂度的不断提升以及网络攻击手段的日益精密,凸显了高效自动化漏洞检测与修复系统的关键需求。静态程序分析等传统方法在可扩展性、适应性以及...

CVE-2025-9606 | Portabilis i-Educar up to 2.10 agenda_preferencias.php cod_agenda sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability was found in Portabilis i-Educar up to 2.10. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the file /intranet/agenda_preferencias.php. Performing manipulation of the argument cod_agenda results in sql injection. This vulnerability was named CVE-2025-9606. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com

CVE-2025-9607 | Portabilis i-Educar up to 2.10 Tabelas de Arredondamento Page view ID sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability categorized as critical has been discovered in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /module/TabelaArredondamento/view of the component Tabelas de Arredondamento Page. Executing manipulation of the argument ID can lead to sql injection. The identification of this vulnerability is CVE-2025-9607. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-9608 | Portabilis i-Educar up to 2.10 Formula de Cálculo de Média Page view ID sql injection

Vuldb Updates
1 month 1 week ago
A vulnerability identified as critical has been detected in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/FormulaMedia/view of the component Formula de Cálculo de Média Page. The manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-9608. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

TransUnion Hack Exposes 4M+ Customers Personal Information

Cyber Security News
1 month 1 week ago

TransUnion, one of the nation’s three major credit reporting agencies, has disclosed a significant data breach that exposed the personal information of more than four million U.S. customers. The company is now alerting affected individuals about the cyber incident, which involved unauthorized access to data stored on a third-party application. On July 28, 2025, TransUnion […]

The post TransUnion Hack Exposes 4M+ Customers Personal Information appeared first on Cyber Security News.

Florence Nightingale

Managed ad