Aggregator

该文章描述了一个针对WordPress插件“Birth Chart Compatibility”2.0版本的全路径泄露漏洞（CVE-2025-6082），通过发送HTTP GET请求触发PHP错误以获取服务器文件路径，可能用于进一步攻击。

StoryChief WordPress插件1.0.42版本存在任意文件上传漏洞（CVE-2025-7

该文章介绍了一个针对Ivanti Endpoint Manager Mobile 12.5.0.0的漏洞利用脚本，涉及两个关键漏洞：CVE-2025-4427（表达式注入导致RCE）和CVE-2025-4428（认证绕过）。脚本支持检测漏洞、执行命令以及绕过管理员权限，适用于版本低于2025.1的系统。

代码的副作用，正在干扰你的系统！

拼多多 Q2 营收 1040 亿元，经调净利润 327 亿元；SpaceX「星舰」8 月 25 日将再次试飞；2025 电竞世界杯闭幕，中国三队跻身前十

Internet intelligence firm GreyNoise reports that it has recorded a significant spike in scanning activity consisting of nearly 1,971 IP addresses probing Microsoft Remote Desktop Web Access and RDP Web Client authentication portals in unison, suggesting a coordinated reconnaissance campaign. [...]

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

A vulnerability was found in Trend Micro Apex One and Apex One as a Service. It has been rated as critical. Affected by this vulnerability is an unknown functionality of the component LogServer. Performing manipulation results in link following. This vulnerability is known as CVE-2024-52050. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Trend Micro Apex One and Apex One as a Service. Affected by this issue is some unknown functionality of the component Engine. Executing manipulation can lead to link following. This vulnerability is handled as CVE-2024-55631. It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Trend Micro Apex One and Apex One as a Service. This affects an unknown part. The manipulation leads to origin validation error. This vulnerability is uniquely identified as CVE-2024-55917. Local access is required to approach this attack. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Trend Micro Apex One and Apex One as a Service. This vulnerability affects unknown code of the component Security Agent. The manipulation results in link following. This vulnerability was named CVE-2024-55632. The attack needs to be approached locally. There is no available exploit. The affected component should be upgraded.

A vulnerability described as critical has been identified in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. This affects an unknown function of the file /doc.html. Executing manipulation can lead to improper authorization. The identification of this vulnerability is CVE-2024-13109. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. This impacts an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java， of the component Exam Answer Handler. The manipulation leads to information disclosure. This vulnerability is referenced as CVE-2024-13110. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token Handler. The manipulation results in improper authentication. This vulnerability is identified as CVE-2024-13111. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability described as problematic has been identified in Drupal Open Social up to 12.3.7/12.4.4. This vulnerability affects unknown code. The manipulation results in improper control of interaction frequency. This vulnerability is known as CVE-2024-13274. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as problematic, has been found in Wavlink AC3000 M33A8.V5030.210505. This affects the function set_lang_CountryCode of the file login.cgi. This manipulation causes basic cross site scripting. This vulnerability is tracked as CVE-2024-39363. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in snowflakedb snowflake-connector-python up to 3.13.0. This affects an unknown function of the component snowflake.connector.pandas_tools. Executing manipulation can lead to sql injection. This vulnerability is handled as CVE-2025-24793. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability has been found in snowflakedb snowflake-connector-python up to 3.13.0 on Linux and classified as critical. This impacts an unknown function. The manipulation leads to incorrect default permissions. This vulnerability is uniquely identified as CVE-2025-24795. Local access is required to approach this attack. No exploit exists. The affected component should be upgraded.

A vulnerability was found in snowflakedb snowflake-connector-python up to 3.13.0 and classified as critical. Affected is an unknown function. The manipulation results in deserialization. This vulnerability was named CVE-2025-24794. The attack needs to be approached locally. There is no available exploit. It is suggested to upgrade the affected component.