Aggregator

A vulnerability classified as critical has been found in Siemens TeleControl Server Basic 3.1.2.1. Impacted is the function UpdateTraceLevelSettings. The manipulation leads to sql injection. This vulnerability is referenced as CVE-2025-32861. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens TeleControl Server Basic 3.1.2.1. It has been rated as critical. Impacted is the function UnlockTcmSettings. Performing manipulation results in sql injection. This vulnerability is reported as CVE-2025-32851. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Siemens TeleControl Server Basic up to 3.1.2.2. This affects the function LockTcmSettings. The manipulation results in sql injection. This vulnerability is known as CVE-2025-32850. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability described as critical has been identified in Siemens TeleControl Server Basic 3.1.2.1. Affected is the function LockOpcSettings. Such manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2025-32854. The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Siemens TeleControl Server Basic 3.1.2.1. Affected by this issue is the function UnlockDatabaseSettings. Executing manipulation can lead to sql injection. The identification of this vulnerability is CVE-2025-32853. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability has been found in Siemens TeleControl Server Basic 3.1.2.1 and classified as critical. This issue affects the function LockDatabaseSettings. This manipulation causes sql injection. This vulnerability is tracked as CVE-2025-32852. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

As more organizations integrate vibe coding and AI-assisted coding into their application development processes, it's important to remember to put security first.

A vulnerability categorized as critical has been discovered in Neojoomla Com Neorecruit 1.6.4. This affects an unknown function of the file index.php. The manipulation of the argument Itemid results in sql injection. This vulnerability was named CVE-2010-4995. The attack may be performed from a remote location. In addition, an exploit is available.

A vulnerability, which was classified as problematic, was found in Unisoft Com Mycar 1.0. Impacted is an unknown function of the file index.php. The manipulation of the argument modveh results in cross site scripting. This vulnerability is cataloged as CVE-2010-2147. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Unisoft Com Mycar 1.0 and classified as critical. The affected element is an unknown function of the file index.php. This manipulation of the argument pagina causes sql injection. This vulnerability is registered as CVE-2010-2148. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as problematic has been identified in Danieljamesscott Com Music 0.10. Impacted is an unknown function of the file album.html. Executing manipulation of the argument cid can lead to path traversal. This vulnerability is handled as CVE-2010-2857. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability, which was classified as critical, has been found in Focusdev Com Mv Restaurantmenumanager up to 1.5.2. This impacts an unknown function of the file index.php. Performing manipulation of the argument mid results in sql injection. This vulnerability is cataloged as CVE-2010-1468. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The highly sophisticated post-compromise tool abuses the Linux kernel's io_uring interface to remain hidden from endpoint detection and response systems.

笔者最近在了解ai相关的内容。pytorch作为深度学习领域极具影响力的框架，自然是避不开的。上网搜索pytorch相关的漏洞，网上大部分都是对于rpc框架反序列化漏洞和命令注入漏洞的公告。这两个漏洞评分都在9分网上，公开了一段时间了，但是poc寥寥无几，网上也没有对此的分析，而且其中一个漏洞的cve编号被撤销了，这引发了笔者的好奇心，遂开始以下分析探索。

阐述了多种加密解密算法（XOR、MD5、SHA - 1、Base 系列、AES、DES、RC4、RSA、SM4、TEA 系列等）以及编码技术的原理、特征与逆向识别方法。结合 x64dbg 等工具，通过简单密码破解、XOR 加密破解、与服务器验证交互的密码破解等实操案例，详细演示了逆向工程中对加密数据的分析与破解流程。同时，梳理出各加密算法在汇编层面的典型特征，形成加密算法逆向识别对比表，为逆向工程

介绍映像伪装常见的几种手法

学到这个 trick 的时候只能说，php 是最好的语言，还没有落幕，每次看到 php 的新 trick 都不得不为之震惊，如何没有 php 代码做到代码执行，实战价值很大，看下面分析 Deadsec 团队这次每一道题是真有东西

信呼OA最新版前台SQL注入披露与挖掘过程

xxl-job IDOR 0Day 漏洞挖掘

AI 最近几年大爆火，引出的漏洞也不少，这就来分析一下最近爆出的通过伪造恶意的 MCP 服务来造成的 RCE 漏洞，看到阿里云漏洞库的通报就来分析分析