Aggregator

A vulnerability, which was classified as critical, was found in Apple QuickTime and Darwin Streaming Server up to 4.1.3f. Affected by this vulnerability is an unknown functionality of the file parse_xml.cgi. The manipulation of the argument filename leads to information disclosure (Source). This vulnerability is known as CVE-2003-0423. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

当前环境异常，请完成验证后继续访问。

当前环境出现异常,需完成验证后才能继续访问.

Cybersecurity researchers from watchTowr Labs have published a comprehensive technical analysis of a critical pre-authentication command injection vulnerability affecting Fortinet FortiSIEM systems, designated as CVE-2025-25256. The vulnerability carries a maximum CVSS score of 9.8 and has already been exploited in the wild, making it one of the most pressing security threats facing enterprise security operations […]

The post Fortinet FortiSIEM Command Injection Vulnerability (CVE-2025-25256) – Technical Details Revealed appeared first on Cyber Security News.

/r/netsec 是一个由社区管理的技术信息安全内容聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的信息资源。

Устраните уязвимости и настройте инфраструктуру, устойчивую к атакам.

A vulnerability was found in Mozilla Thunderbird up to 137.x. It has been classified as critical. Affected by this issue is some unknown functionality of the component Javascript URI Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2025-4083. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mozilla Thunderbird up to 128.10.0/138.0.0. Affected is an unknown function of the component Header Handler. The manipulation of the argument X-Mozilla-External-Attachment-URL leads to Remote Code Execution. This vulnerability is traded as CVE-2025-3932. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 137.x. This issue affects some unknown processing of the component WebGL Shader Attribute Handler. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2025-4082. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Thunderbird up to 137.x and classified as critical. Affected is an unknown function of the component WebGL Shader Attribute Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2025-4082. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 137.x and classified as critical. Affected by this vulnerability is an unknown functionality of the component Javascript URI Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-4083. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Mozilla Thunderbird up to 128.10.0/138.0.0. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Mozilla-External-Attachment-URL leads to cross site scripting. The identification of this vulnerability is CVE-2025-3909. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Cisco FXOS and UCS Manager Software and classified as problematic. Affected by this issue is some unknown functionality of the component Configuration Backup Handler. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is handled as CVE-2023-20016. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 1 - In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF).

Currently trending CVE - Hype Score: 1 - In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.

Currently trending CVE - Hype Score: 2 - Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.

罗章龙，中国共产党最早一批党员之一，京汉铁路大罢工主要领导人之一，在中国共产党和中国工人运动的早期历史上做出积极贡献。

A vulnerability identified as critical has been detected in SourceCodester Simple Barangay Management System 1.0. Affected is an unknown function of the file /barangay_management/admin/?page=view_clearance. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-44192. It is possible to launch the attack remotely. There is no exploit available.