Aggregator

A vulnerability labeled as critical has been found in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/search_product.php. Such manipulation of the argument group_id leads to sql injection. This vulnerability is traded as CVE-2025-10598. The attack may be launched remotely. Furthermore, there is an exploit available.

ManageEngine unveiled that its security information and event management (SIEM) solution, Log360, has been strengthened with a reengineered threat detection approach, in a major enhancement aimed at addressing the needs of security operations center (SOC) teams. Over 60% of SOC teams are overwhelmed with irrelevant threat data, of which a majority (53%) of cloud security alerts can be considered noise, according to the 2025 Threat Intelligence Benchmark study commissioned by Google. ManageEngine’s latest release bolsters … More →

The post ManageEngine enhances Log360 to reduce alert fatigue for SOC teams appeared first on Help Net Security.

ブラザー工業株式会社およびそのOEMベンダーが提供する複数の製品では、初期設定における管理者パスワードは製品のシリアル番号から容易に導出可能です。

A vulnerability identified as critical has been detected in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This vulnerability affects unknown code of the file /Profilers/PriProfile/COUNT2.php. This manipulation of the argument cname causes sql injection. This vulnerability appears as CVE-2025-10597. The attack may be initiated remotely. There is no available exploit. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

大模型安全避坑指南

A vulnerability categorized as critical has been discovered in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument usn results in sql injection. This vulnerability is reported as CVE-2025-10596. The attack can be launched remotely. Moreover, an exploit is present.

A critical vulnerability in Windows Boot Manager, known as bitpixie, enables attackers to bypass BitLocker drive encryption and escalate local privileges on Windows systems.  The vulnerability affects boot managers from 2005 to 2022 and can still be exploited on updated systems through downgrade attacks, posing significant risks to enterprise security. Key Takeaways1. Bitpixie lets attackers bypass BitLocker […]

The post Hackers Can Exploit Bitpixie Vulnerability to Bypass BitLocker Encryption and Escalate Privileges appeared first on Cyber Security News.

A vulnerability categorized as critical has been discovered in ABB 2.4 Display 55, 2.4 Display 63, RoomTouch 4 and BCU KNX. This affects an unknown function of the component KNX Bus-System. The manipulation results in improper access controls. This vulnerability was named CVE-2024-4008. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability identified as critical has been detected in zephyrproject-rtos Zephyr up to 3.6. This vulnerability affects the function adv_ext_report of the component HCI. This manipulation causes heap-based buffer overflow. The identification of this vulnerability is CVE-2024-6259. The attack needs to be done within the local network. There is no exploit available.

A vulnerability marked as critical has been reported in zephyrproject-rtos Zephyr up to 3.6. Impacted is the function rfcomm_handle_data of the component BT. Performing manipulation of the argument net_buf results in heap-based buffer overflow. This vulnerability is identified as CVE-2024-6258. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability described as critical has been identified in zephyrproject-rtos Zephyr up to 3.6. The affected element is the function get_att_search_list of the component BT. Executing manipulation can lead to out-of-bounds read. This vulnerability is tracked as CVE-2024-6137. The attack is only possible within the local network. No exploit exists.

A vulnerability classified as critical was found in zephyrproject-rtos Zephyr up to 3.6. This affects the function bap_broadcast_assistant of the component BT. The manipulation results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2024-5931. The attack must originate from the local network. There is no exploit available.

A vulnerability was found in WP Import Plugin up to 7.27 on WordPress. It has been rated as problematic. This vulnerability affects the function upload_function. The manipulation leads to denial of service. This vulnerability is traded as CVE-2025-10058. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability categorized as critical has been discovered in WP Import Plugin up to 7.28 on WordPress. The impacted element is the function write_to_customfile of the file customFunction.php. Such manipulation leads to code injection. This vulnerability is traded as CVE-2025-10057. The attack may be launched remotely. There is no exploit available.

Submit #649317 / VDB-324615

Submit #649316 / VDB-324614

Submit #649315 / VDB-324613

AMD工程师正在解决Linux内核对ACPI C4状态的支持问题，以使搭载AMD处理器的Linux笔记本电脑能够进入更深度的睡眠模式，从而节省电量并延长续航时间。

美国司法部重新判处22岁的Conor Fitzpatrick三年监禁，因其曾担任非法网络犯罪论坛BreachForums的管理员，并持有儿童性虐待材料。该论坛曾涉及大量被盗数据交易。Fitzpatrick此前因轻判引发争议后被上诉推翻。