Aggregator

Copyparty 1.18.6 存在反射型跨站脚本 (XSS) 漏洞 (CVE-2025-54589)，因 filter 参数未正确清理即注入 HTML 响应中，允许攻击者注入并执行任意 JavaScript 代码。附带一个用于测试该漏洞的 C 语言程序。

文章描述了一个针对Swagger UI 1.0.3的跨站脚本（XSS）漏洞（CVE-2025-8191），该漏洞源于对描述参数过滤不足，允许攻击者通过注入恶意脚本执行远程命令。

该文章描述了一个SQL注入漏洞（CVE-2025-41373），影响路径`/encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=`及其相关版本。攻击者可通过直接拼接`idestudio`参数注入任意SQL代码，并使用布尔和时间盲注技术进行检测。

微软Windows 11中的虚拟硬盘（VHDX）存在软腐败漏洞（CVE-2025-49683），可通过PowerShell脚本在特定位置引入字节级腐败，导致系统异常或远程代码执行。该漏洞评分7.8（高危）。

微软Edge浏览器存在信息泄露漏洞（CVE-2025-49741），nu11secur1ty发布Python脚本模拟攻击过程。该脚本运行两个HTTP服务器：恶意服务器（8080端口）收集受害者信息并发送至外发端点（1337端口），用于演示数据泄露。

Gandia Integra Total 4.4.2236.1 - SQL Injection

Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure

Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)

LPAR2RRD 8.04 - Remote Code Execution (RCE)

Swagger UI 1.0.3 - Cross-Site Scripting (XSS)

Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation

Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)

A vulnerability, which was classified as problematic, has been found in Liferay Enterprise Portal 4.3.6. This issue affects some unknown processing of the component Monitoring. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2008-0178. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in LightNEasy 1.2.2. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to path traversal. This vulnerability is handled as CVE-2008-6590. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in LifeType 1.2.8. This affects an unknown part of the file admin.php. The manipulation of the argument newBlogUserName leads to cross site scripting. This vulnerability is uniquely identified as CVE-2008-2196. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in lemon CMS 1.10. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument dir leads to path traversal. This vulnerability is handled as CVE-2008-3312. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in Liberia CMS 1.00/1.10/1.11/1.12. This affects an unknown part of the file admin.php. The manipulation of the argument cookie leads to sql injection. This vulnerability is uniquely identified as CVE-2008-4701. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in NoMachine up to 5.3.9 on Mac OS X. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2017-12763. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple iOS up to 10.2.0. This vulnerability affects the function HTMLFormElement::reset of the component WebKit. The manipulation leads to memory corruption. This vulnerability was named CVE-2017-2362. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Apple Safari up to 10.0.2. This affects the function HTMLFormElement::reset of the component WebKit. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2017-2362. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.