Aggregator

Germany limits police spyware use to serious crimes

Security Affairs
1 month ago
Germany’s top court ruled police can use spyware only for crimes punishable by at least three years in prison. Germany’s top court ruled that police may only use spyware to monitor devices in cases involving crimes with a maximum sentence of at least three years. “The interference with both the fundamental right protecting IT-systems and Art. 10(1) of […]
Pierluigi Paganini

Germany limits police spyware use to serious crimes

不安全
1 month ago
德国最高法院裁决限制警方使用间谍软件仅限于涉及至少三年监禁的严重犯罪案件,并回应2017年相关规则的挑战,强调此类监视对隐私权构成“非常严重”的侵犯,并具有广泛的监控能力。

CVE-2025-8811 | code-projects Simple Art Gallery 1.0 /Admin/registration.php fname sql injection (EUVD-2025-24093)

VulDB Recent Entries
1 month ago
A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. This vulnerability is handled as CVE-2025-8811. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-8810 | Tenda AC20 16.03.08.05 /goform/SetFirewallCfg strcpy firewallEn stack-based overflow (EUVD-2025-24090)

VulDB Recent Entries
1 month ago
A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-8810. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-8809 | code-projects Online Medicine Guide 1.0 /addelidetails.php del sql injection (EUVD-2025-24091)

VulDB Recent Entries
1 month ago
A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to sql injection. This vulnerability is traded as CVE-2025-8809. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-8808 | xujeff tianti 天梯 up to 2.3 com.jeff.tianti.controller save exportOrder csv injection (EUVD-2025-24088)

VulDB Recent Entries
1 month ago
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The identification of this vulnerability is CVE-2025-8808. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-8807 | xujeff tianti 天梯 up to 2.3 save authorization (EUVD-2025-24089)

VulDB Recent Entries
1 month ago
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-8807. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-8806 | zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 treeData sql injection (EUVD-2025-24086)

VulDB Recent Entries
1 month ago
A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8806. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-8805 | Open5GS up to 2.7.5 SMF src/smf/gsm-sm.c smf_gsm_state_wait_pfcp_deletion denial of service (Issue 4000 / EUVD-2025-24087)

VulDB Recent Entries
1 month ago
A vulnerability was found in Open5GS up to 2.7.5 and classified as problematic. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-8805. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-8804 | Open5GS up to 2.7.5 AMF ngap_build_downlink_nas_transport assertion (Issue 3950 / EUVD-2025-24084)

VulDB Recent Entries
1 month ago
A vulnerability has been found in Open5GS up to 2.7.5 and classified as problematic. Affected by this vulnerability is the function ngap_build_downlink_nas_transport of the component AMF. The manipulation leads to reachable assertion. This vulnerability is known as CVE-2025-8804. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad