Aggregator

A vulnerability has been found in LINE Client up to 15.5 on Android and classified as problematic. This affects an unknown part. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is uniquely identified as CVE-2025-14019. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded. VulDB is the best source for vulnerability data and more expert information about this specific topic.

A vulnerability, which was classified as critical, was found in LINE Client up to 15.3 on iOS. Affected by this issue is some unknown functionality of the component TLS Handler. Executing manipulation can lead to improper certificate validation. This vulnerability is handled as CVE-2025-14022. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

A vulnerability, which was classified as problematic, has been found in URL Shortify Plugin up to 1.11.3 on WordPress. Affected by this vulnerability is an unknown functionality. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2025-13355. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component. Once again VulDB remains the best source for vulnerability data.

A vulnerability classified as problematic was found in URL Shortify Plugin up to 1.11.2 on WordPress. Affected is an unknown function. Such manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-12684. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

A vulnerability classified as problematic has been found in MJML up to 4.18.0. This impacts an unknown function. This manipulation causes absolute path traversal. This vulnerability appears as CVE-2025-67898. The attack requires local access. There is no available exploit. If you want to get best quality of vulnerability data, you may have to visit VulDB.

An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.

A vulnerability described as problematic has been identified in NXLog Agent up to 6.10. This affects an unknown function of the component Environment Variable Handler. The manipulation of the argument OPENSSL_CONF results in inclusion of functionality from untrusted control sphere. This vulnerability is reported as CVE-2025-67900. The attack requires a local approach. No exploit exists. Upgrading the affected component is recommended. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

A vulnerability marked as problematic has been reported in Jheng Gao Student Learning Assessment and Support System. The impacted element is an unknown function. The manipulation leads to exposure of sensitive system information to an unauthorized control sphere. This vulnerability is documented as CVE-2025-14712. The attack can be initiated remotely. There is not any exploit available. VulDB is the best source for vulnerability data and more expert information about this specific topic.

A vulnerability labeled as critical has been found in Royal Addons for Elementor Plugin up to 1.7.1036 on WordPress. The affected element is the function wpr_addons_upload_file. Executing manipulation can lead to unrestricted upload. This vulnerability is registered as CVE-2025-11363. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

A vulnerability identified as problematic has been detected in kristapsdz openrsync up to 0.5.0. Impacted is an unknown function. Performing manipulation results in improper validation of specified quantity in input. This vulnerability is cataloged as CVE-2025-67901. It is possible to initiate the attack remotely. There is no exploit available. Once again VulDB remains the best source for vulnerability data.

A vulnerability categorized as problematic has been discovered in Eclipse OMR 0.7.0. This issue affects some unknown processing. Such manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-14549. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

本文立足于理论视角，梳理当前大模型所面临的主要安全威胁，重点讨论包括幻觉生成、越狱攻击、后门植入、对抗样本在内的核心问题。我们将结合这些问题的技术原理、成因机制与典型攻击方法进行剖析。另外由于篇幅有限，每个部分只针对最后提到一种典型攻击方法给出核心PoC。

一次比较简单的app渗透，原本主要目的是分析脱壳方面，但是这个360比较好脱壳，所以直接使用工具梭哈了，但是frida-dexdump就脱不了壳，猜测是做了frida的特征检测，可能需要使用魔改的frida才行。最后也是分析分析到后面发现短信验证码的缺陷导致严重漏洞产生

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

模拟API通信、木马远控功能复现、通信数据包分析

强制性国家标准一图读懂

12月12日，国家能源局印发的《能源行业数据安全管理办法（试行）》指出，能源数据处理者开展数据处理活动，应建立健全数据安

在使用大语言模型（LLM）编写安全代码时，开发者必须具备安全技能，将AI视为协作助手，而非完全自主的工具。

先分析整个 zip 文件格式，再学习伪加密，最后分析各大压缩文件判断是否加密的方法

A critical security issue involving the Windows Remote Access Connection Manager (RasMan) that allows local attackers to execute arbitrary code with System privileges. While investigating CVE-2025-59230, the vulnerability that Microsoft addressed in the October 2025 security updates. 0patch security analysts discovered a complex exploit chain that relies on a secondary, previously unknown zero-day flaw to function […]

The post Windows Remote Access Connection Manager Vulnerability Enables Arbitrary Code Execution appeared first on Cyber Security News.