Aggregator

Submit #648014 / VDB-323881

A vulnerability classified as critical was found in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. This vulnerability is documented as CVE-2025-10443. The attack can be executed remotely. Additionally, an exploit exists.

Submit #647887 / VDB-323880

Submit #647886 / VDB-323879

A vulnerability classified as critical has been found in Tenda AC9 and AC15 15.03.05.14. This affects the function formexeCommand of the file /goform/exeCommand. This manipulation of the argument cmdinput causes os command injection. This vulnerability is registered as CVE-2025-10442. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Submit #647851 / VDB-323878

A vulnerability described as critical has been identified in D-Link DI-8100G, DI-8200G and DI-8003G 17.12.20A1/19.12.10A1. Affected by this issue is the function sub_433F7C of the file version_upgrade.asp of the component jhttpd. The manipulation of the argument path results in os command injection. This vulnerability is cataloged as CVE-2025-10441. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipulation of the argument hname leads to os command injection. This vulnerability is listed as CVE-2025-10440. The attack may be initiated remotely. In addition, an exploit is available.

Submit #647841 / VDB-257373

Submit #647840 / VDB-323877

Submit #647839 / VDB-323876

全球领先AI安全公司 Virtue AI 正在招聘｜Junior Member of Technical Staff

Submit #647838 / VDB-323876

Submit #647837 / VDB-323875

Submit #647835 / VDB-323874

A vulnerability labeled as problematic has been found in IBM PowerVM Hypervisor up to FW950.E0/FW1050.50/FW1060.40. Affected is an unknown function. Executing manipulation can lead to allocation of resources. This vulnerability is tracked as CVE-2025-36035. The attack is restricted to local execution. No exploit exists. The affected component should be upgraded.

A vulnerability identified as critical has been detected in LG Electronics AC Smart II 2.1.9. This impacts an unknown function. Performing manipulation results in missing authentication. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2025-10204. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability categorized as problematic has been discovered in IBM QRadar SIEM up to 7.5 UP13 IF01. This affects an unknown function of the component Configuration File Handler. Such manipulation leads to incorrect permission assignment. This vulnerability is referenced as CVE-2025-0164. The attack can only be performed from a local environment. No exploit is available. It is advisable to upgrade the affected component.

Submit #647622 / VDB-323864

2025 年度的拉斯克医学奖公布了获奖名单。 基础医学研究奖授予了德国马普研究所的 Dirk Görlich 博士以及美国得克萨斯大学西南医学中心的 Steven L.McKnight 博士，以表彰他们在揭示细胞内蛋白质运输与细胞组织构成新机制方面的开创性贡献。他们的研究聚焦于蛋白质序列中的低复杂度结构域（LCDs），这类结构域由少数种类氨基酸构成，曾被认为难以承担重要生物学功能。然而，真核生物中约 15%-20% 的蛋白质含有此类序列。两人的研究揭示，这些“无序”结构域能在细胞内形成高度有序的组装体，参与调控物质运输与细胞功能组织，为理解细胞内部复杂运作提供了全新视角。
临床医学研究奖授予了美国爱荷华大学的 Michael J.Welsh 博士、曾任职于福泰制药的 Jesús (Tito)González 博士，以及现任福泰制药科学家 Paul A.Negulescu 博士，以表彰他们在囊性纤维化创新疗法开发中的关键作用。三人共同推动的三联药物疗法 Trikafta 彻底改变了一种致命遗传病的治疗格局，使大多数患者的生活质量显著提升，预期寿命接近正常人水平。
拉斯克医学科学特殊成就奖则授予斯坦福大学医学院的 Lucy Shapiro 博士，以表彰她在生物医学领域长达55年的卓越贡献。她的研究揭示了细菌如何在时空维度协调基因表达以实现细胞分化，她还创立了斯坦福大学发育生物学系，并长期为美国政府提供应对新型传染病的政策建议。