Aggregator

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. Affected is an unknown function of the file /intranet/educar_raca_cad.php. The manipulation of the argument nm_raca leads to cross site scripting. This vulnerability is traded as CVE-2025-8543. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresas_cad.php. The manipulation of the argument fantasia/razao_social leads to cross site scripting. The identification of this vulnerability is CVE-2025-8542. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /intranet/public_uf_cad.php. The manipulation of the argument nome leads to cross site scripting. This vulnerability was named CVE-2025-8541. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.10. It has been classified as problematic. This affects an unknown part of the file /intranet/public_municipio_cad.php. The manipulation of the argument nome leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8540. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this issue is some unknown functionality of the file /intranet/public_distrito_cad.php. The manipulation of the argument nome leads to cross site scripting. This vulnerability is handled as CVE-2025-8539. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Portabilis i-Educar 2.10 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /usuarios/tipos/novo. The manipulation of the argument name/description leads to cross site scripting. This vulnerability is known as CVE-2025-8538. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-8510. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue. The vendor initially closed the original advisory without requesting a CVE.

A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_cad.php. The manipulation of the argument matricula leads to cross site scripting. This vulnerability is handled as CVE-2025-8509. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.9. It has been classified as problematic. Affected is an unknown function of the file /intranet/educar_funcao_lst.php. The manipulation of the argument nm_funcao/abreviatura leads to cross site scripting. This vulnerability is traded as CVE-2025-8507. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_avaliacao_desempenho_cad.php. The manipulation of the argument titulo_avaliacao/descricao leads to cross site scripting. This vulnerability is known as CVE-2025-8508. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Woffice Core Plugin up to 5.4.26 on WordPress and classified as problematic. Affected by this issue is the function woffice_file_manager_delete. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-7694. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Alpine iLX-507 6.0.000. Affected is the function UPDM_wstpCBCUpdStart. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-8473. It is possible to launch the attack on the physical device. There is no exploit available.

Standoff 16 соберёт атакующих и защитников из разных стран.

Security researchers have discovered a critical vulnerability in Fortinet’s FortiSIEM platform that enables remote attackers to execute unauthorized commands without authentication. The flaw, tracked as CVE-2025-25256, has achieved a maximum CVSS score of 9.8 and poses an immediate threat to organizations worldwide as practical exploit code has already been discovered circulating in the wild. Vulnerability […]

The post Critical FortiSIEM Vulnerability Allows Attackers to Execute Malicious Commands, PoC Found in the Wild appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in Insyde H2O. Affected is an unknown function of the component SetupUtility. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2025-4410. The attack needs to be approached locally. There is no exploit available.

亚马逊成功发射24颗Kuiper互联网卫星，使其在轨数量达到102颗。为满足FCC要求，亚马逊计划于2029年前完成3236颗卫星发射，并已与各国政府签约，计划今年晚些时候开始商业服务。

在因天气原因四次推迟发射之后，亚马逊使用 SpaceX Falcon 9 火箭发射了 24 颗 Kuiper 互联网卫星，Kuiper 卫星星座在轨数量达到了 102 颗。SpaceX 是目前最大的低地球轨道卫星互联网提供商，其 Starlink 卫星星座总数约 8000 颗，在全世界有 500 万用户。为遵守 FCC(联邦通信委员会) 设定的最后期限，亚马逊正在加快发射 Kuiper 卫星。FCC 要求亚马逊到 2026 年 7 月底发射 1600 颗卫星，到 2029 年 7 月底完成 3236 颗卫星的发射。亚马逊从不同火箭公司预定了多达 83 次发射合同，其中三次是与竞争对手 SpaceX。虽然该公司的卫星星座处于早期阶段，亚马逊已经与各国政府签署了协议，希望今年晚些时候开始提供商业服务。

A vulnerability was found in Insyde H2O up to 05.71.20. It has been rated as critical. This issue affects the function Tcg2Smm. The manipulation leads to improper input validation. The identification of this vulnerability is CVE-2025-4277. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

The Apricorn Aegis NVX is a hardware-based 256-Bit AES XTS external SSD drive with integrated USB-C cable. Its storage capacities range from 500GB to 2TB. The device is OS free and cross-platform compatible. Design and build The drive comes with a compact carry case, a USB-C to USB-A adapter, and a quick start guide. It is enclosed in aircraft-grade aluminum alloy and sealed with tamper-resistant, tamper-evident uni-directional breakaway security fasteners that are driven and cemented … More →

The post Product showcase: Apricorn Aegis NVX, a high-security, portable SSD appeared first on Help Net Security.

A vulnerability was found in Insyde H2O up to 05.39.17/05.47.17/05.55.17/05.62.17/05.71.17. It has been declared as critical. This vulnerability affects unknown code of the component UsbCoreDxe. The manipulation leads to improper input validation. This vulnerability was named CVE-2025-4276. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.