Aggregator

Submit #601339 / VDB-313739

Submit #597453 / VDB-313738

A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-6565. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #590030 / VDB-313737

美国网络部队可能以多种方式支持了美军“午夜之锤行动”

AT&T屡屡爆出重大数据泄露事故

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

A vulnerability was found in Quest KACE SMA up to 14.1 and classified as critical. Affected by this issue is some unknown functionality of the component License Handler. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-32978. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Quest KACE SMA up to 14.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Backup Handler. The manipulation leads to improper verification of cryptographic signature. This vulnerability is known as CVE-2025-32977. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Quest KACE SMA up to 14.1. Affected is an unknown function of the component 2FA. The manipulation leads to authentication bypass using alternate channel. This vulnerability is traded as CVE-2025-32976. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Quest KACE SMA up to 14.1. This issue affects some unknown processing. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-32975. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Canada and FBI warn of China-linked APT Salt Typhoon targeting Canadian telecom firms in ongoing cyber espionage operations. The Canadian Centre for Cyber Security and the FBI warn that China-linked APT cyber espionage group Salt Typhoon, is targeting Canadian telecom firms in espionage attacks. The Salt Typhoon hacking campaign, active for 1–2 years, has targeted […]

Домашний роутер стал шпионом, офисная камера — доносчиком, а вы всё ещё думаете, что это паранойя.

Mozilla 释出了 Firefox 140，这是一个长期支持版本（LTS）。主要新特性包括：右键标签页会显示“Unload Tab”选项，此举可减少未使用标签页占用的内存节省 CPU 资源；支持 CSS Custom Highlighting API，Chrome 从 v121 开始支持该 API；改进垂直标签，支持添加自定义搜索引擎；支持 SVG fetchpriority 属性、Cookie Store API 等。

UUSEC WAF Web Application Firewall is an industrial grade free, high-performance, and highly scalable web application and API security protection product that supports AI and semantic engines. It is a comprehensive website protection product launched...

The post UUSEC WAF: Free, Industrial-Grade Web Application Firewall with AI & Three-Layer Defense appeared first on Penetration Testing Tools.

A vulnerability has been found in IBM QRadar SIEM up to 7.5.0 Update Package 12 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to file inclusion. This vulnerability is known as CVE-2025-33117. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

法国食品、环境和职业健康与安全局（ANSES）发表研究报告，所有饮料都含有微塑料，但玻璃瓶装饮料的微塑料颗粒含量显著高于塑料瓶、纸盒或罐装饮料。对各种包装的饮料的检测发现，玻璃瓶装软饮料、柠檬水、冰茶和啤酒中平均每升含有 100 个微塑料颗粒，是塑料瓶或金属罐装饮料的 5-50 倍。科学家推测，玻璃瓶装饮料的塑料颗粒可能来自瓶盖上的塑料涂层。瓶盖可能是在运输过程中因为摩擦等导致了塑料颗粒脱落。制造商可采取措施减少塑料颗粒的脱落。

Nederland doneert 100 aanvullende dronedetectieradars aan Oekraïne. Ook gaan er voertuigen voor gewondenvervoer naar het land. Verder steekt Nederland extra geld in de steun met drones. Het gaat om een steunpakket van in totaal ongeveer €175 miljoen. Dit komt bovenop contracten die deze dagen ondertekend zijn met de Oekraïense industrie om voor €500 miljoen drones te produceren. Dat maakte minister Ruben Brekelmans vandaag bekend voorafgaand aan het NATO Summit Defence Industry Forum in Den Haag.

A vulnerability was found in Microsoft Windows 11 22H2/11 23H2/11 24H2/Server 2022 23H2/Server 2025. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Cross Device Service. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-24076. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.