Aggregator

守护城市水脉，保障关键基础设施安全。

A vulnerability, which was classified as problematic, was found in Credentials Binding Plugin up to 687.v619cb_15e923f on Jenkins. This affects an unknown part. The manipulation leads to sensitive information in log files. This vulnerability is uniquely identified as CVE-2025-53650. The attack can only be done within the local network. There is no exploit available.

A vulnerability has been found in evesys up to 8.0 2202 and classified as problematic. This vulnerability affects unknown code of the file indexeva.php. The manipulation of the argument action leads to cross site scripting. This vulnerability was named CVE-2021-27961. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in Adobe Framemaker up to 2020.8/2022.6. This affects an unknown part. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-47131. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Adobe Framemaker up to 2020.8/2022.6. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-47120. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Ivanti Connect Secure and Policy Secure. Affected is an unknown function of the component Internal Network Service Handler. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2025-0292. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Events Manager Plugin up to 7.0.3 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation of the argument orderby leads to sql injection. This vulnerability is traded as CVE-2025-6970. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Events Manager Plugin up to 7.0.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2025-6976. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in HTML Publisher Plugin up to 425 on Jenkins and classified as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-53651. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Events Manager Plugin up to 7.0.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument calendar_header leads to cross site scripting. This vulnerability is handled as CVE-2025-6975. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Events Manager Plugin up to 7.0.3 on WordPress. This affects an unknown part. The manipulation of the argument calendar_header leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-6975. It is possible to initiate the attack remotely. There is no exploit available.

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

在当下数字化浪潮席卷的时代，比特币、泰达币等虚拟货币如同一股新兴力量，悄然成为投资领域的一股趋势。

电子文档真实性鉴定

Microsoft is rolling out a new backup system in September for its Authenticator app on iOS, removing the requirement to use a Microsoft personal account to back up TOTP secrets and account names. [...]

Threat Attack Daily - 9th of July 2025

A vulnerability was found in Postoaktraffic AWAM Bluetooth Reader. It has been classified as critical. Affected is an unknown function of the component Bluetooth. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2012-4687. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Voltronic Power ViewPower Pro. Affected is an unknown function. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2023-51574. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in mintplex-labs anything-llm up to 0.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/system/upload-logo of the component Logo Filename Handler. The manipulation leads to relative path traversal. This vulnerability is handled as CVE-2024-3025. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.