Aggregator

英格兰儿童事务专员 Rachel de Souza 表示，政府需要阻止儿童使用 VPN 绕过色情网站的年龄验证。她表示该漏洞需要堵上，呼吁 VPN 服务也要验证年龄。在 PornHub、Reddit 和 X 等网站开始对访问成人内容的英国用户验证年龄后，VPN 成为英国苹果 App Store 下载量最多的应用。对于限制 VPN 的评论，英国科学、创新和科技部发言人回应称，VPN 是成人使用的合法工具，目前没有禁止的计划。但如果平台故意向儿童推销 VPN 作为绕过年龄验证方法，将面临严厉执法和巨额罚款。

Северная Корея добавила GitHub в список союзников.

A vulnerability was found in appneta tcpreplay up to 4.5.2-beta2. It has been declared as problematic. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2025-9157. It is possible to launch the attack on the local host. Additionally, an exploit exists. Applying a patch is advised to resolve this issue.

South Yorkshire Police have been reprimanded by the ICO after deleting 96,000 pieces of evidence from officers’ bodycams

As AI adoption accelerates, businesses face hidden risks from third-party models like ChatGPT and Claude, including data leakage and malicious data infiltration. By implementing corporate AI tools and educating employees, companies can harness generative AI’s benefits while safeguarding sensitive data, compliance, and trust.

The post The Hidden Risks of External AI Models and How Businesses can Mitigate Them  appeared first on Security Boulevard.

Submit #630495 / VDB-320537

A vulnerability labeled as critical has been found in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share. Affected by this vulnerability is an unknown functionality of the component XE File Parser. The manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2025-52584. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium and Cobalt Share. Affected by this issue is some unknown functionality of the component VC6 File Parser. This manipulation causes heap-based buffer overflow. This vulnerability is handled as CVE-2025-46269. The attack can be initiated remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in WPC Smart Compare for WooCommerce Plugin up to 6.4.7 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2025-7496. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability identified as critical has been detected in Media Library Assistant Plugin up to 3.27 on WordPress. The affected element is the function _process_mla_download_file of the file /wp-content/uploads. Performing manipulation results in denial of service. This vulnerability is cataloged as CVE-2025-8357. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in Real Spaces Plugin up to 3.6 on WordPress. Affected is the function imic_agent_register. The manipulation results in improper privilege management. This vulnerability is cataloged as CVE-2025-6758. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Santesoft Sante PACS Server up to 4.2.2. This affects an unknown function of the component HL7 Message Handler. Such manipulation leads to double free. This vulnerability is traded as CVE-2025-53948. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability has been found in Santesoft Sante PACS Server up to 4.2.2 and classified as problematic. This impacts an unknown function. Performing manipulation results in cross site scripting. This vulnerability is known as CVE-2025-54862. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Santesoft Sante PACS Server up to 4.2.2 and classified as problematic. Affected is an unknown function. Executing manipulation can lead to cleartext transmission of sensitive information. This vulnerability is handled as CVE-2025-54156. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Santesoft Sante PACS Server up to 4.2.2. It has been classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-54759. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in Red Hat Developer Hub. It has been declared as problematic. Affected by this issue is some unknown functionality of the component rhdh-hub-rhel9. The manipulation results in incorrect privilege assignment. This vulnerability was named CVE-2025-5417. The attack needs to be approached within the local network. There is no available exploit.

A vulnerability was found in itsourcecode Sports Management System 1.0. It has been classified as critical. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results in sql injection. This vulnerability is known as CVE-2025-9156. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Submit #630279 / VDB-316231

六合引擎介绍长期以来，银狐（Ghost）、WinOS、PlugX、Cobalt Strike、Sliver、

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0 and classified as critical. Impacted is an unknown function of the file /user/forget_password.php. Such manipulation of the argument email leads to sql injection. This vulnerability is traded as CVE-2025-9155. The attack may be launched remotely. Furthermore, there is an exploit available.