Aggregator

A vulnerability labeled as problematic has been found in Cisco Firepower Management Center. This issue affects some unknown processing. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2024-20377. The attack may be performed from a remote location. There is no available exploit. The affected component should be upgraded.

A vulnerability described as critical has been identified in zhijiantianya ruoyi-vue-pro 2.4.1. Impacted is an unknown function of the file /admin-api/mp/material/upload-temporary of the component Material Upload Interface. Executing manipulation of the argument File can lead to path traversal. The identification of this vulnerability is CVE-2025-2743. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in Checkmk up to 2.1.0p50/2.2.0p40/2.4.0b1. This vulnerability affects unknown code. The manipulation results in session expiration. This vulnerability is reported as CVE-2025-2596. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability categorized as problematic has been discovered in Significant-Gravitas AutoGPT up to 0.6.0. This impacts an unknown function. Such manipulation leads to information disclosure. This vulnerability is documented as CVE-2025-31494. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability described as problematic has been identified in Checkmk up to 2.1.0p49/2.2.0p40/2.3.0p28. The impacted element is an unknown function. Executing manipulation can lead to sensitive information in log files. The identification of this vulnerability is CVE-2025-2092. The attack can only be executed locally. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Tenda RX3 16.03.13.11_multi. It has been declared as critical. This affects an unknown part of the file /goform/telnet. Executing manipulation can lead to command injection. The identification of this vulnerability is CVE-2025-4357. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in Bandisoft Bandizip up to 7.37. Impacted is an unknown function of the component Archived Files Handler. The manipulation results in inclusion of web functionality from an untrusted source. This vulnerability is reported as CVE-2025-33027. The attack can be launched remotely. No exploit exists.

A vulnerability was found in Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR and FortiCamera. It has been rated as critical. Affected is an unknown function of the component Hash Cookie Handler. Performing manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2025-32756. The attack is possible to be carried out remotely. Moreover, an exploit is present. Upgrading the affected component is advised.

Microsoft is rolling out a significant new administrative control feature in mid-September 2025 that will enable IT administrators to manage organization-wide sharing permissions for user-built Copilot agents.  The feature addresses growing enterprise concerns about governance and security in AI agent deployment across organizations. Key Takeaways1. Microsoft is introducing a tenant-level feature for managing Copilot agent […]

The post New Microsoft 365 Admin Feature Let Admins Control Link Creation Policies appeared first on Cyber Security News.

致力于第一时间为企业级用户提供权威漏洞情报和有效解决方案。

CVE-2025-0282

一键加解密，让你像测试明文一样简单

针对 CVE-2025-32463代码跟踪

管伊佳ERP(原名华夏ERP)基于SpringBoot框架和SaaS模式并立志为中小企业提供开源好用的ERP软件，目前专注进销存+财务功能，主要模块有零售管理、采购管理、销售管理、仓库管理、财务管理、报表查询、系统管理等。支持预付款、收入支出、仓库调拨、组装拆卸、订单等特色功能，拥有库存状况、出入库统计等报表。同时对角色和权限进行了细致全面控制，精确到每个按钮和菜单

Currently trending CVE - Hype Score: 4 - Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.

AMD正逐步淘汰B650芯片组，转向B850作为AM5的主要平台。B850支持PCIe 5.0协议，提供更快的固态硬盘速度、更灵活的扩展能力和先进网络功能。预计未来几个季度内完成过渡并清空B650库存。

本文探讨了基于Tomcat的回显马技术，通过线程遍历和对象引用分析实现任意业务环境下的回显功能，并解决了Tomcat5的适配问题。利用JProfiler分析HeapDump对象引用链路以定位目标对象，并通过自动化测试验证代码的稳定性和兼容性。最终实现了跨版本通用的漂亮代码，并确保高并发场景下不影响正常业务。

外网：向日葵漏洞，免杀马，下载运行上线cs，开远程关防火墙，上线vshell，抓密码，开代理 ubuntu：thinkphp写入shell，绕过滤，ret127绕过命令执行，泄露ssh密钥 windows域：smb弱密码，wmiexec.py连接，定位域，开远程，域信息探测 域控：申请伪造票据，导入，smbexec.py连接

2025年7月22日，菲律宾总统马科斯高调访美，与老特在白宫共谋“印太安全大计”，一场针对我的战略围堵悄然拉