Aggregator

A vulnerability described as problematic has been identified in ExpressGateway express-gateway up to 1.16.10. This affects an unknown function in the library lib/rest/routes/users.js of the component REST Endpoint. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-9095. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A new Android malware campaign has emerged, targeting banking customers in Brazil, India, and Southeast Asia, combining contactless fraud via NFC, call interception, and the exploitation of device vulnerabilities. Researchers at ThreatFabric have identified...

The post PhantomCard: The New Android Malware Using NFC to Steal Your Money appeared first on Penetration Testing Tools.

当前环境出现异常，需完成验证后方可继续访问。

欢迎汽车爱好者的加入……

对于数据犯罪的研究，已经从物权属性的上位概念逐渐细化渗透到了数据类型化保护的具体领域。

可持续发展已从企业社会责任转变为核心战略支柱。

当前环境异常，需完成验证后方可继续访问。

当前环境出现异常，请完成验证后继续访问。

BigAnt Office Messenger 5.6.06 - SQL Injection

RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)

PHPMyAdmin 3.0 - Bruteforce Login Bypass

Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure

Soosyze CMS 2.0 - Brute Force Login

Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)

Tenda AC20 16.03.08.12 - Command Injection

特别对味，发展翻倍！

A vulnerability classified as critical was found in Linux Kernel up to 6.15.4/6.16-rc3. Affected is an unknown function of the component LoongArch. The manipulation results in improper validation of array index. This vulnerability is identified as CVE-2025-38367. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.15.186/6.1.142/6.6.95/6.12.35/6.15.4. Affected is the function get_first_active_display of the component AMD Display. Performing manipulation results in null pointer dereference. This vulnerability was named CVE-2025-38362. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.15.4. The impacted element is the function tegra_crtc_reset. Performing manipulation results in null pointer dereference. This vulnerability was named CVE-2025-38363. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.