Aggregator

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. It has been classified as critical. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument sessionPath causes os command injection. This vulnerability is registered as CVE-2025-15501. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8 and classified as critical. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command injection. This vulnerability is cataloged as CVE-2025-15500. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8 and classified as critical. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of the argument filename leads to os command injection. This vulnerability is listed as CVE-2025-15499. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

In 2026, writing code is no longer the hard part. AI can generate features, refactor services, and accelerate delivery at scale. Speed is now expected,...Read More

The post Why Senior Software Engineers Will Matter More (In 2026) in an AI-First World appeared first on ISHIR | Custom AI Software Development Dallas Fort-Worth Texas.

The post Why Senior Software Engineers Will Matter More (In 2026) in an AI-First World appeared first on Security Boulevard.

A dangerous malware threat has emerged targeting Windows users across Korea through webhard file-sharing services. The Ahnlab Security Intelligence Center recently identified xRAT, also known as QuasarRAT, being distributed as fake adult games to unsuspecting users. This remote access trojan represents a significant security concern for Windows systems, combining sophisticated evasion techniques with social engineering […]

The post xRAT Malware Attacking Windows Users Disguised as Adult Game appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, was found in KubeVirt. This affects an unknown part of the component Guest Agent Handler. Executing a manipulation can lead to denial of service. This vulnerability is tracked as CVE-2025-14525. The attack is only possible within the local network. No exploit exists.

Submit #727253 / VDB-340348

Submit #727217 / VDB-340347

Submit #727214 / VDB-340346

Submit #727208 / VDB-340345

Submit #727207 / VDB-340344