Aggregator

Submit #510705 / VDB-298558

Submit #510696 / VDB-298557

A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument username leads to sql injection. This vulnerability is known as CVE-2025-1954. The attack can be launched remotely. Furthermore, there is an exploit available.

Boston and Tel Aviv, United States, 4th March 2025, CyberNewsWire

The post Hunters Announces New AI Capabilities with Pathfinder AI for Smarter SOC Automation appeared first on Security Boulevard.

Submit #510689 / VDB-298556

Submit #510360 / VDB-298555

A vulnerability was found in t0mer BroadlinkManager 5.9.1. It has been classified as critical. Affected is an unknown function of the file /device/ping. The manipulation of the argument IP Address leads to os command injection. This vulnerability is traded as CVE-2025-26320. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in Kingsoft WPS Office 12.1.0.18276 on Windows and classified as problematic. This issue affects some unknown processing in the library ksojscore.dll of the component Digital Signature Handler. The manipulation leads to improper verification of cryptographic signature. The identification of this vulnerability is CVE-2024-11957. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Uniguest Tripleplay up to 24.2.0 and classified as critical. This vulnerability affects unknown code of the component HTTP POST Request Handler. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2024-50704. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in PocketBook InkPad Color 3 U743k3.6.8.3671. This affects an unknown part. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2025-1424. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in PocketBook InkPad Color 3 U743k3.6.8.3671 on Linux. Affected by this issue is some unknown functionality of the component File Content Handler. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2025-1425. It is possible to launch the attack on the physical device. There is no exploit available.

他们打电话到梵蒂冈，说自己是基辛格，要和教皇通电话，梵蒂冈还是半夜三更，接电话的人都准备去叫醒教皇了，他们憋不住笑场了。后来这两位成立了一个听起来像卖水果的公司，叫苹果

The value of open source is undeniable — 90% of all modern software development depends on it. According to Harvard Business School, in 2024 alone, more than 6 trillion open source software components were downloaded, representing almost $9 trillion in value to users.

The post The hidden threat: Tackling malware in your software supply chain appeared first on Security Boulevard.

Author/Presenter: Thomas Boejstrup Johansen

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite []DEF CON 32]2 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – War Stories – Why Are You Still Using My Server For Your Internet Access appeared first on Security Boulevard.

A vulnerability classified as critical was found in Uniguest Tripleplay up to 24.2.0. Affected by this vulnerability is an unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument X-Forwarded-For leads to Remote Code Execution. This vulnerability is known as CVE-2024-50707. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Rack up to 2.2.11/3.0.12/3.1.10. Affected is the function Rack::Sendfile of the component Header Handler. The manipulation of the argument X-Sendfile-Type leads to crlf injection. This vulnerability is traded as CVE-2025-27111. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

今日暂未更新资讯~
更多最新文章，请访问SecWiki