Aggregator

A vulnerability was found in LiquidFiles up to 4.1.1 and classified as very critical. Affected by this issue is some unknown functionality of the component Actionscript Feature. The manipulation leads to incorrect permission assignment. This vulnerability is handled as CVE-2025-46093. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Axelor 5.2.4 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument _domain leads to sql injection. This vulnerability is known as CVE-2025-50341. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in SOGo Web Mail up to 5.6.0. Affected is an unknown function. The manipulation leads to improper control of resource identifiers. This vulnerability is traded as CVE-2025-50340. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Cyber Ghost VPN. This issue affects some unknown processing of the file CyberGhostVPNSetup.exe of the component Installer. The manipulation leads to improper verification of cryptographic signature. The identification of this vulnerability is CVE-2025-51726. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as critical was found in GitKraken Desktop 10.8.0/11.1.0. This vulnerability affects unknown code of the component Electron Fuse Handler. The manipulation leads to code injection. This vulnerability was named CVE-2025-51387. The attack can be initiated remotely. There is no exploit available.

Технология, которая работает уже сегодня, обещает изменить жизнь каждого человека на планете.

A vulnerability classified as problematic has been found in Unisite CMS 5.0. This affects an unknown part of the component Report. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-50754. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in cconard96 glpi-screenshot-plugin up to 2.0.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ajax/screenshot.php. The manipulation leads to file inclusion. This vulnerability is handled as CVE-2025-54780. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ADOdb up to 5.22.9. It has been declared as critical. Affected by this vulnerability is the function metaColumns/metaForeignKeys/metaIndexes of the component Table Name Handler. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-54119. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

微信视频号带货研究

A vulnerability was found in EspoCRM up to 9.1.6. It has been classified as problematic. Affected is an unknown function of the component Router Cache. The manipulation leads to http request smuggling. This vulnerability is traded as CVE-2025-52892. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in pyload up to 0.5.0b3.dev89 and classified as critical. This issue affects some unknown processing of the component Addcrypted Endpoint. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-54802. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

同样也是几年前的项目了，可配合一键debug开启使用。 项目地址:https://github.com/Try […]

In a conversation with Dark Reading's Terry Sweeney, Lauren Miskelly from Google explains that Chrome Enterprise is the same Chrome browser that consumers use, but with additional enterprise-grade controls, reporting capabilities, and administrative features.

A sophisticated new Android malware campaign has emerged targeting Indian banking customers through convincing impersonations of popular financial applications. The malicious software masquerades as legitimate apps from major Indian financial institutions, including SBI Card, Axis Bank, Indusind Bank, ICICI, and Kotak, deceiving users into downloading fake applications that steal sensitive financial information. The malware operates […]

The post New Android Malware Mimics as SBI Card, Axis Bank Apps to Steal Users Financial Data appeared first on Cyber Security News.

分享一下几年前写的一个项目(点个免费的Star即可)。 项目地址: https://github.com/Tr […]

CDN 服务商 Cloudflare 指责 AI 搜索引擎公司 Perplexity 使用隐蔽策略绕过网站禁止抓取的指令。Cloudflare 称它收到了客户的投诉，客户通过 robots.txt 以及 Web 应用防火墙屏蔽了 Perplexity 的搜索爬虫，然而尽管采取了这些措施 Perplexity 的爬虫仍然继续访问网站内容。Cloudflare 随后展开了调查，发现当 Perplexity 注意到 robots.txt 或防火墙规则屏蔽其爬虫后，它会使用一个隐蔽的机器人爬虫，使用一系列策略掩盖其活动。此举意味着 Perplexity 违反了实施了 30 多年的互联网规范。

Dynamic Application Security Testing (DAST) is a black-box security testing method that analyzes running applications for vulnerabilities by emulating real-world attacks against their exposed interfaces. Instead of analyzing source code, DAST using manual and automated tools interact with a live deployment of the application (web app, APIs, mobile backend, etc.) and inject malicious payloads to […]

The post How Can Dynamic Application Security Testing (DAST) Help Your Organization? appeared first on Kratikal Blogs.

The post How Can Dynamic Application Security Testing (DAST) Help Your Organization? appeared first on Security Boulevard.

A critical vulnerability chain in NVIDIA’s Triton Inference Server that allows unauthenticated attackers to achieve complete remote code execution (RCE) and gain full control over AI servers.  The vulnerability chain, identified as CVE-2025-23319, CVE-2025-23320, and CVE-2025-23334, exploits the server’s Python backend through a sophisticated three-step attack process involving shared memory manipulation. Key Takeaways1. CVE-2025-23319 chain […]

The post NVIDIA Triton Vulnerability Chain Let Attackers Take Over AI Server Control appeared first on Cyber Security News.

ИИ меняет свою цифровую внешность, чтобы обходить блокировки сайтов.