A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been declared as critical. This vulnerability affects the function getOfficeName of the file OfficeServiceImpl.java. The manipulation of the argument officesName leads to SQL injection.
This vulnerability was named CVE-2025-6766. The attack can be initiated remotely. Furthermore, there is an exploit available.
This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available.
A vulnerability was found in TPODER Net::IP::LPM 1.10 on Perl. It has been declared as problematic. This vulnerability affects unknown code of the component IP CIDR Address String Handler. The manipulation leads to improper validation of specified type of input.
This vulnerability was named CVE-2025-40910. The attack can be initiated remotely. There is no exploit available.
A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues.
The identification of this vulnerability is CVE-2025-6765. The attack may be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. It has been rated as critical. This issue affects the function findDoctorByCondition of the file DoctorServiceImpl.java. The manipulation of the argument hospitalName leads to SQL injection.
The identification of this vulnerability is CVE-2025-6767. The attack may be initiated remotely. Furthermore, there is an exploit available.
This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available.
A vulnerability was found in Lychee up to 6.6.12. It has been rated as problematic. Affected by this issue is the function fopen of the file /api/v2/Photo::fromUrl. The manipulation leads to server-side request forgery.
This vulnerability is handled as CVE-2025-53018. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A critical NetScaler ADC and Gateway vulnerability dubbed "Citrix Bleed 2" (CVE-2025-5777) is now likely exploited in attacks, according to cybersecurity firm ReliaQuest, which is seeing an increase in suspicious sessions on Citrix devices. [...]