Aggregator

A vulnerability has been found in Apple iOS up to 10.3.1 and classified as problematic. This vulnerability affects unknown code of the component WebKit. The manipulation leads to cross site scripting (Universal). This vulnerability was named CVE-2017-2510. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Insurance company Allianz Life has confirmed that the personal information for the "majority" of its 1.4 million customers was exposed in a data breach that occurred earlier this month. [...]

Name: Shakti CTF 2025 (an Shakti CTF event.)
Date: July 25, 2025, 12:30 p.m. — 26 July 2025, 12:30 UTC  [add to calendar]
Format: Jeopardy
On-site
Offical URL: https://ctf.teamshakti.in/
Rating weight: 34.10
Event organizers: TeamShakti

A vulnerability was found in Salesforce Tableau Server on Windows/Linux. It has been rated as critical. This issue affects some unknown processing of the component EPS Server Module. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2025-52455. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linkify up to 4.3.1. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-8101. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in haxtheweb haxcms up to 11.0.13. It has been rated as critical. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2025-54378. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in dbgate up to 6.4.3-beta.8/6.4.3-prem. This issue affects some unknown processing of the component Path Handler. The manipulation of the argument File leads to path traversal: '\..\filename'. The identification of this vulnerability is CVE-2025-50184. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Opencast up to 17.5. This vulnerability affects unknown code of the component XML File Parser. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-54380. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in skops-dev skops up to 0.11.0. It has been classified as critical. Affected is an unknown function. The manipulation leads to insufficient type distinction. This vulnerability is traded as CVE-2025-54412. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in skops-dev skops up to 0.11.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to insufficient type distinction. This vulnerability is known as CVE-2025-54413. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in astronomer dag-factory up to 0.23.0a8. This affects the function pull_request_target. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-54415. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in tj-actions branch-names up to 8.x. Affected is an unknown function. The manipulation leads to command injection. This vulnerability is traded as CVE-2025-54416. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in TecharoHQ anubis up to 1.21.2 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2025-54414. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in dbgate up to 6.6.0 and classified as problematic. This vulnerability affects unknown code of the file /runners/load-reader of the component Application Interface. The manipulation leads to path traversal: '\..\filename'. This vulnerability was named CVE-2025-50185. The attack can be initiated remotely. There is no exploit available.

分析显示，今天的环法自行车选手已经超越了兴奋剂时代的阿姆斯特朗（Lance Armstrong）。去年环法自行车赛的一个山地赛段中 Tadej Pogacar 在近 40 分钟内的功率输出约 7瓦/千克。Jonas Vingegaard 曾在近 15 分钟内功率输出超过 7瓦/千克。相比下，阿姆斯特朗在 20 年前靠兴奋剂实现了 6瓦/千克的功率输出，他完成路段的时间比今天的顶尖选手慢。阿姆斯特朗靠服用兴奋剂从 1999 年到 2005 年连续七次获得环法自行车赛冠军。于 2012年 被取消自 1998 年 8 月之后的所有成绩，被终身禁赛。今天的选手表现更出色源于技术进步：每位选手都使用提供实时性能数据的功率计；营养摄入使用精确测量的食物摄入量持续补充热量；自行车使用风洞测试以降低阻力系数，等等。

A vulnerability classified as critical has been found in 299Ko CMS 2.0.0. This affects an unknown part of the file /admin/filemanager/view of the component File Management. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-8265. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Memory Usage Plugin up to 3.98 on WordPress. It has been rated as problematic. Affected by this issue is the function wpmemory_install_plugin. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2025-8104. The attack may be launched remotely. There is no exploit available.

Submit #617651 / VDB-317853

A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. This vulnerability is known as CVE-2025-8263. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #617609 / VDB-284525