Aggregator

A vulnerability was found in Salesforce Tableau Server on Windows/Linux. It has been declared as critical. This vulnerability affects unknown code of the component Amazon S3 Connector Module. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2025-52454. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.8. It has been declared as problematic. This vulnerability affects the function device_shutdown of the component virtio. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-38064. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

图片：缅甸克钦地区稀土开采呈爆炸式增长，成为全球最大的稀土供应地。2025年7月，一则重磅消息震撼国际矿业圈

图：2025年7月，一架俄罗斯安-148军用客机（注册号RA-61735）降落平壤，成为疫情后俄朝之间罕见的军

A vulnerability classified as critical has been found in AI Engine Plugin 2.9.3/2.9.4 on WordPress. This affects the function rest_simpleFileUpload. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-7847. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Customer Reviews for WooCommerce Plugin up to 5.80.2 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation of the argument Author leads to cross site scripting. This vulnerability is traded as CVE-2025-5720. It is possible to launch the attack remotely. There is no exploit available.

作者投资4万美元启动无桩电动滑板车业务,获得城市运营许可并开发相关软件,但因城市突然撤走车辆,失去设备和软件支持,导致车辆闲置多年,现寻求重新编程或改装以恢复使用。

Он не оставляет следов. Не просит разрешения. Просто берёт.

Virtual CISO (vCISO) services have moved from niche to mainstream, with vCISO services adoption 2025 data showing a more than threefold increase in just one year. According to Cynomi’s 2025 State of the Virtual CISO report, 67% of MSPs and MSSPs now offer vCISO services, up from just 21% in 2024. This sharp increase aligns with the previous year’s predictions, when nearly three-quarters of non-adopters stated they planned to launch these services by the end … More →

The post AI is changing the vCISO game appeared first on Help Net Security.

A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Muhammad Fadilullah Dzaki' was reported to the affected vendor on: 2025-07-31, 55 days ago. The vendor is given until 2025-11-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus (@gothburz), Brandon Niemczyk of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-07-31, 55 days ago. The vendor is given until 2025-11-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H severity vulnerability discovered by 'oriotie' was reported to the affected vendor on: 2025-07-31, 26 days ago. The vendor is given until 2025-11-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kevin Salapatek of Trend Research' was reported to the affected vendor on: 2025-07-31, 55 days ago. The vendor is given until 2025-11-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N severity vulnerability discovered by 'Ryota Shiga (GMO Flatt Security Inc.) with takumi-san.ai' was reported to the affected vendor on: 2025-07-31, 55 days ago. The vendor is given until 2025-11-28 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

ZTEジャパン株式会社が提供するZXHN-F660TおよびZXHN-F660Aには、機器共通の認証情報が設定されています。

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /educar_aluno_lst.php. The manipulation of the argument ref_cod_matricula with the input "><img%20src=x%20onerror=alert(%27CVE-Hunters%27)> leads to cross site scripting. This vulnerability is handled as CVE-2025-8346. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8347. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Secrets like API keys, tokens, and credentials are scattered across messaging apps, spreadsheets, CI/CD logs, and even support tickets. According to Entro Security’s NHI & Secrets Risk Report H1 2025, non-human identities (NHIs), including bots, service accounts, and automation tools, are now the fastest-growing source of security risk in enterprise environments. Non-human identity risk fuels rising secret exposures Between January and June 2025, Entro saw a 44% year-over-year increase in NHIs. These machine identities now … More →

The post Secrets are leaking everywhere, and bots are to blame appeared first on Help Net Security.

A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to sql injection. This vulnerability is known as CVE-2025-8327. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument USN leads to sql injection. This vulnerability is handled as CVE-2025-8328. The attack may be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.