Aggregator

A vulnerability, which was classified as critical, was found in MB connect line/Helmholz mbCONNECT24, mymbCONNECT24, myREX24 and myREX24.virtual up to 2.17.x. This affects an unknown part. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2025-3090. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Шифрование бессильно, если телефон уже у злоумышленников.

A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is handled as CVE-2025-6570. The attack may be launched remotely. Furthermore, there is an exploit available.

从 Google X 分拆出来的创业公司 IYO 就 IO 商标起诉了 OpenAI 和 Jony Ive 的 IO Products, Inc. 公司。 OpenAI 于 2025 年 5 月 21 日宣布以 65 亿美元收购 IO，但前几天悄悄撤销了相关的宣传材料。IYO 生产名为 IYO ONE 的耳戴式设备，允许用户通过语音命令与计算机和 AI 进行交互，无需屏幕或键盘。起诉书指控被告故意为竞争产品使用一个易混淆的名称。起诉书称，OpenAI CEO Sam Altman 和 Ive 的设计工作室 LoveFrom 在 2022-2025 年间多次与 IYO 代表会面，了解 IYO 的技术和商业计划细节。2025 年 3 月，Altman 告诉 IYO 正在开发名为 io 的竞争产品。IO Products 成立于 2023 年 9 月，致力于开发与 IYO 产品类似的无屏电脑交互硬件。诉讼寻求禁制令(injunctive relief)，要求对商标侵权和不正当竞争赔偿。

A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an unknown functionality of the file /student.php. The manipulation of the argument sname/contact/about/emailid/transcation_remark leads to cross site scripting. This vulnerability is known as CVE-2025-6569. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is traded as CVE-2025-6568. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #601698 / VDB-313742

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/view_application.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-6567. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-6566. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #601612 / VDB-313741

Submit #601344 / VDB-313740

Submit #601339 / VDB-313739

Submit #597453 / VDB-313738

A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-6565. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #590030 / VDB-313737

美国网络部队可能以多种方式支持了美军“午夜之锤行动”

AT&T屡屡爆出重大数据泄露事故

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。