Aggregator

The AI products from Chinese company DeepSeek present unacceptable national security risks, Czechia said in banning the software from government use.

Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully exploited, could allow remote code execution on millions of transport vehicles from different vendors. The vulnerabilities, dubbed PerfektBlue, can be fashioned together as an exploit chain to run arbitrary code on cars from at least three major automakers,

A vulnerability was found in code-projects Modern Bag 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/login-back.php. The manipulation of the argument user-name leads to sql injection. This vulnerability is known as CVE-2025-7471. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been classified as critical. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument image leads to unrestricted upload. This vulnerability is traded as CVE-2025-7470. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/product_add.php. The manipulation of the argument prod_name leads to sql injection. The identification of this vulnerability is CVE-2025-7469. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Tenda FH1201 1.2.0.14 and classified as critical. This vulnerability affects the function fromSafeUrlFilter of the file /goform/fromSafeUrlFilter of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. This vulnerability was named CVE-2025-7468. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in code-projects Modern Bag 1.0. This affects an unknown part of the file /product-detail.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7467. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #610428 / VDB-316123

A vulnerability, which was classified as critical, has been found in 1000projects ABC Courier Management 1.0. Affected by this issue is some unknown functionality of the file /add_dealerrequest.php. The manipulation of the argument Name leads to sql injection. This vulnerability is handled as CVE-2025-7466. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #610420 / VDB-316122

Вы готовы к отдыху, где вас «захватят»?

A vulnerability classified as critical was found in Tenda FH1201 1.2.0.14. Affected by this vulnerability is the function fromRouteStatic of the file /goform/fromRouteStatic of the component HTTP POST Request Handler. The manipulation of the argument page leads to buffer overflow. This vulnerability is known as CVE-2025-7465. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #610408 / VDB-316121

Submit #610394 / VDB-316120

Submit #610392 / VDB-316119

Submit #610390 / VDB-316118

Submit #610389 / VDB-316117

A vulnerability classified as problematic has been found in osrg GoBGP up to 3.37.0. Affected is the function SplitRTR of the file pkg/packet/rtr/rtr.go. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-7464. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Submit #610260 / VDB-311322

Huawei will manage and store judicially authorized wiretaps in Spain, under a contract that bucks the trend of Western governments restricting use of the Chinese tech company's products and services.