Aggregator

Apple removed iCloud’s Advanced Data Protection in the UK after the government requested encryption backdoor access. Apple ends iCloud end-to-end encryption in the United Kingdom following the government’s request for encryption backdoor access. Advanced Data Protection is now unavailable for new UK users. In 2022, the IT giant introduced the optional setting Advanced Data Protection (ADP) […]

Submit #504316 / VDB-246423

从周五 1500GMT 开始，苹果英国用户打开 iCloud 后会收到一条错误信息，称苹果不再为新用户提供 Advanced Data Protection aka 端对端加密。现有用户的端对端加密功能将在稍后禁用。端对端加密意味着苹果也不知道用户在其云存储服务中储存了什么内容。本月早些时候有报道称英国政府要求苹果创建加密后门，英国内政部对这一报道拒绝证实或否认。关闭端对端加密意味着无需后门英国政府就能搜索 iCloud 中的内容。苹果在一份声明中表示它从未为产品创建后门，以后也永远不会。

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is traded as CVE-2025-1580. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The initial researcher advisory mentions contradicting parameter names to be affected.

LotL, фишинг и повторные атаки – главные тренды киберинцидентов-2024 .

Submit #504234 / VDB-296556

Submit #504233 / VDB-247341

Submit #504232 / VDB-247341

Submit #504184 / VDB-243617

A vulnerability was found in BMLT Tabbed Map Plugin up to 1.1.8 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11866. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Google Android 8.1. Affected by this issue is the function buildImageItemsIfPossible of the file ItemTable.cpp. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2018-9429. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Google Android 7/7.1.1/7.1.2/8/8.1 and classified as critical. This vulnerability affects the function ihevcd_parse_slice_header of the file ihevcd_parse_slice_header.c. The manipulation leads to denial of service. This vulnerability was named CVE-2018-9423. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 7/7.1.1/7.1.2/8/8.1. It has been declared as critical. Affected by this vulnerability is the function handle_notification_response of the file btif_rc.cc. The manipulation leads to memory corruption. This vulnerability is known as CVE-2018-9413. The attack can be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Quick License Manager Plugin up to 2.4.15 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-11805. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Samsung GamingHub and classified as problematic. Affected by this issue is some unknown functionality of the component WebView. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2024-49418. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Samsung GamingHub. Affected by this issue is some unknown functionality of the component WebView. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2024-49419. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in code-projects Blood Bank System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/user.php. The manipulation of the argument email leads to cross site scripting. The identification of this vulnerability is CVE-2025-1579. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.