Aggregator

A vulnerability classified as critical was found in SSCMS 7.3.1. This vulnerability affects unknown code of the file /stl/actions/download?filePath. The manipulation leads to path traversal. This vulnerability was named CVE-2025-52237. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as critical was found in Ångström Distribution Project Narcissus. This vulnerability affects the function configure_image of the file backend.php. The manipulation of the argument release leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2012-10033. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Glossword up to 1.8.12. Affected is an unknown function of the file gw_admin.php of the component Administrative Interface. The manipulation leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is traded as CVE-2013-10067. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Модель можно скачать бесплатно, запускать на ноутбуке и адаптировать под себя.

欢迎投递简历！

当前环境出现异常，请完成验证后继续访问。

Microsoft has unveiled an autonomous artificial intelligence system capable of analyzing and classifying software without any human intervention. The prototype, named Project Ire, is designed to detect malicious code at scale. According to Microsoft...

The post Project Ire: Microsoft’s AI System That Hunts Malware Without Humans appeared first on Penetration Testing Tools.

The top spot in HackerOne’s global ranking is no longer held by a human, but by a machine. Behind the alias “XBOW” is not a living researcher, but an AI-driven system that has already...

The post Human Hackers Dethroned: An AI Takes Top Spot on HackerOne appeared first on Penetration Testing Tools.

Cursor软件存在远程代码执行漏洞（CVE-2025-54135），因允许未授权文件写入工作区，攻击者可利用MCP协议重写配置文件并注入恶意命令。该漏洞影响版本为1.2.1及以下，CVSS评分为8.6。建议用户升级至1.3.9及以上版本或关闭“Auto-Run”功能以缓解风险。

A vulnerability was found in DevaslanPHP project-management 1.2.4. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument Ticket Name leads to cross site scripting. This vulnerability is traded as CVE-2025-52203. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in CloudClassroom-PHP-Project 1.0/2.php. Affected by this issue is some unknown functionality of the file takeassessment2.php of the component POST Parameter Handler. The manipulation of the argument Q5 leads to sql injection. This vulnerability is handled as CVE-2025-50867. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Sielox AnyWare 2.1.2 and classified as critical. This vulnerability affects unknown code of the component Password Reset Handler. The manipulation of the argument email address leads to sql injection. This vulnerability was named CVE-2024-34327. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Nagios XI Graph Explorer up to 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file visApi.php. The manipulation of the argument host leads to os command injection. This vulnerability is handled as CVE-2012-10029. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /viewdoc.php. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-8436. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Microweber CMS 2.0. Affected by this vulnerability is an unknown functionality of the component User Profile Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-51503. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Marvell QConvergeConsole 5.5.0.78. Affected is the function compressConfigFiles. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-8426. It is possible to launch the attack remotely. There is no exploit available.

Trust in familiar IT tools is increasingly being weaponized by malicious actors: remote monitoring and management (RMM) solutions—originally designed for administration and support—are now leveraged for attacks, covert control, and data exfiltration. Security professionals...

The post Legitimate Tools, Malicious Intent: How Attackers Weaponize RMM Software appeared first on Penetration Testing Tools.

Chrome v139.0 更新导致部分用户出现黑屏、白屏或灰屏问题，疑似因破坏 OpenGL 兼容性所致。解决方法是禁用 GPU 调用并调整相关设置。目前谷歌尚未修复该问题，用户可暂时禁用硬件加速等待更新修复。

Google has released a series of urgent security updates for Android, addressing multiple critical vulnerabilities, including two actively exploited flaws within Qualcomm components. This round of patches places particular emphasis on CVE-2025-21479 (rated 8.6...

The post Urgent: Google Patches Actively Exploited Flaws in Android Devices appeared first on Penetration Testing Tools.

Flipper Zero的自定义固件可破解车辆的滚动代码安全系统。只需一次按键捕捉即可完全模拟车钥匙功能，并使原钥匙失灵。该攻击基于逆向工程或"RollBack"技术，在多个品牌车辆上有效，目前无简单修复方法。