Aggregator

当前环境出现异常，需完成验证后才能继续访问。

A newly discovered vulnerability in Windows Server 2025—dubbed Golden dMSA—poses a grave risk of widespread compromise across entire Active Directory infrastructures, according to a technical report published by enterprise cybersecurity firm Semperis. The issue...

The post Golden dMSA: Critical Windows Server 2025 Flaw Allows Full Active Directory Takeover appeared first on Penetration Testing Tools.

A recent data breach has exposed a critical vulnerability in the systems of Paradox.ai, the developer behind AI-powered chatbots used in recruitment processes at McDonald’s and other Fortune 500 corporations. The cause of this...

The post Paradox.ai Data Breach: “123456” Password & Nexus Stealer Expose Fortune 500 Clients appeared first on Penetration Testing Tools.

A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The manipulation of the argument PPW leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-7747. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /admin/getmanagerregion.php. The manipulation of the argument city leads to sql injection. The identification of this vulnerability is CVE-2025-7749. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/adddoctorclinic.php. The manipulation of the argument clinic leads to sql injection. This vulnerability is traded as CVE-2025-7750. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addclinic.php. The manipulation of the argument cid leads to sql injection. This vulnerability is known as CVE-2025-7751. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletedoctor.php. The manipulation of the argument did leads to sql injection. This vulnerability is handled as CVE-2025-7752. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adddoctor.php. The manipulation of the argument Username leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7753. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Fortinet FortiWeb up to 7.0.10/7.2.10/7.4.7/7.6.3. It has been classified as critical. Affected is an unknown function of the component HTTP Request Handler. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-25257. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in TOTOLINK A3300R 17.0.0cu.596_B20250515. Affected is the function sub_4197C0. The manipulation of the argument desc leads to command injection. This vulnerability is traded as CVE-2025-52046. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in nbcio-boot 1.0.3. It has been classified as critical. This affects an unknown part of the file /sys/user/deleteRecycleBin. The manipulation of the argument userIds leads to sql injection. This vulnerability is uniquely identified as CVE-2025-50240. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-7756. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation of the argument itr_no leads to sql injection. This vulnerability was named CVE-2025-7754. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was suspected in Node.js up to 20.18.1/22.13.0/23.6.0. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all.

一种名为"Scanception"的复杂钓鱼攻击通过在PDF附件中嵌入QR码窃取用户凭证。该攻击利用多阶段策略和规避技术绕过安全检测，并结合社会工程学手段诱导受害者提供敏感信息和多因素认证数据。

这篇文章回顾了2024年Godot引擎及其社区的发展与成就，包括游戏jam提交量创新高、基金会团队扩大、行业奖项认可、技术更新（如2D物理插值、3D物理插值等）、跨平台支持扩展以及社区活动亮点。文章还介绍了Godot 4.3和4.4版本的技术改进，并感谢了社区贡献者和用户的支持。

TSforge 工具可免费为个人用户提供 3 年 Windows 10 ESU 扩展安全更新服务。该工具通过模拟企业版 ESU 实现无需付费或积分兑换的操作流程简便支持 Windows 10 用户持续获得安全更新直至 2025 年 10 月后转为 ESU 渠道推送补丁。

Name: HITCON Cyber Range 2025 Quals (an HITCON Cyber Range event.)
Date: July 18, 2025, 2 a.m. — 18 July 2025, 15:59 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://hitcon.kktix.cc/events/hitcon-cyberrange-2025
Rating weight: 0.00
Event organizers: HITCON