Aggregator

Currently trending CVE - Hype Score: 19

Currently trending CVE - Hype Score: 19

Currently trending CVE - Hype Score: 19

Currently trending CVE - Hype Score: 19

Currently trending CVE - Hype Score: 21

Currently trending CVE - Hype Score: 29 - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 26 - A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The ...

Currently trending CVE - Hype Score: 26 - An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. ...

Currently trending CVE - Hype Score: 1 - Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.

Currently trending CVE - Hype Score: 68 - A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code ...

本文章中所有内容仅供学习交流，严禁用于商业用途和非法用途，否则由此产生的一切后果均与文章作者无关。前言记录在某次演练的过程中一个有趣的记录。案例还是开局一个登录框，先看看是什么指纹发现是Vue的就先偏向去测试接口。就在findsomething上先看看有没有一些有用的接口,看到这一段接口就有点未授权的味道了。先用Vue Crack看看有没有一些未授权的路径进去看看还真有东西，这个插件使用起来也是非

A vulnerability marked as critical has been reported in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. This vulnerability is known as CVE-2025-14643. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /update_subject.php. Executing manipulation of the argument ID can lead to sql injection. This vulnerability is handled as CVE-2025-14644. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in code-projects Student File Management System 1.0. This affects an unknown function of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-14645. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in code-projects Student File Management System 1.0. This impacts an unknown function of the file /admin/delete_student.php. The manipulation of the argument stud_id results in sql injection. This vulnerability was named CVE-2025-14646. The attack may be performed from remote. In addition, an exploit is available.

先知安全沙龙第11场 - 近源渗透在红队实战中的落地

先知安全沙龙第11场 - AI应用安全攻防实录

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅