Aggregator

Новый лазер обещает морскому флоту супероружие из научной фантастики.

A vulnerability was found in Ninja Pages Plugin up to 1.4.2 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Admin Settings. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-1454. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Emlog up to 2.5.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument origContent leads to sql injection. This vulnerability is known as CVE-2025-47785. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Emlog 2.5.13. Affected is an unknown function of the file /admin/comment.php. The manipulation of the argument perpage_num leads to cross site scripting. This vulnerability is traded as CVE-2025-47786. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in FunnelKit Plugin up to 3.10.1 on WordPress. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-2203. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component REST Command Handler. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2025-4871. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component CCC Command Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2025-4872. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in Samsung Internet for Galaxy Watch 5.0.9. Affected by this vulnerability is an unknown functionality of the component TLS Certificate Handler. The manipulation leads to channel accessible by non-endpoint. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-32407. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Wholesale Market Plugin and Wholesale Market for WooCommerce Plugin on WordPress. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2022-4363. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in infiniflow ragflow up to 0.18.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2025-48187. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in donetick up to 0.1.43. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component JSON Web Token Handler. The manipulation leads to insecure default variable initialization. This vulnerability is known as CVE-2025-47945. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in pypa setuptools up to 78.1.0. Affected by this issue is some unknown functionality of the component PackageIndex. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-47273. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown part of the file /studentLogin/studentLogin.action. The manipulation of the argument userId leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4863. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. This vulnerability is traded as CVE-2025-4866. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply the suggested workaround.

A vulnerability was found in CSV Mass Importer Plugin up to 1.2 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-4190. The attack may be launched remotely. There is no exploit available.

The National Institute of Standards and Technology (NIST) has released a new guide that offers practical help for building zero trust architectures (ZTA). The guidance, titled Implementing a Zero Trust Architecture (SP 1800‑35), includes 19 example setups using off‑the‑shelf commercial tools. The new guidance is the result of work by NIST’s National Cybersecurity Center of Excellence (NCCoE). Over four years, 24 industry partners including major tech companies helped build, install, test, and document 19 ZTA … More →

The post 19 ways to build zero trust: NIST offers practical implementation guide appeared first on Help Net Security.

本研究提出了 HONEYKUBE，一个基于微服务架构的 Web 蜜罐，通过采用真实的应用程序作为基础框架并主动注入漏洞，有效增强了系统的隐蔽性和攻击交互性。

Here’s a look at the most interesting products from the past week, featuring releases from Contrast Security, Cymulate, Lemony, SpecterOps, Thales, and Vanta. Lemony mitigates privacy and compliance risks associated with cloud-based AI With Lemony, different teams can run their own nodes or clusters of nodes and securely connect them. This enables teams to share knowledge across the organization, but only at the depth permitted by defined AI access policies. In other words, teams can … More →

The post New infosec products of the week: June 13, 2025 appeared first on Help Net Security.

<p>Figure 1 - We take our work very seriously. Capturing Hashes with DragonHashChromium-based browsers have an odd feature set that allows extensive drag-and-drop capabilities in the browser. This feature is not only…</p>