Aggregator

CVE-2025-48909 | Huawei HarmonyOS 5.0.0 Device Management Channel improper authentication (EUVD-2025-17066)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been rated as critical. This issue affects some unknown processing of the component Device Management Channel. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-48909. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com

CVE-2025-48911 | Huawei HarmonyOS 5.0.0 Note Sharing Module privileges assignment (EUVD-2025-17064)

Vuldb Updates
2 months 1 week ago
A vulnerability classified as critical was found in Huawei HarmonyOS 5.0.0. Affected by this vulnerability is an unknown functionality of the component Note Sharing Module. The manipulation leads to incorrect privilege assignment. This vulnerability is known as CVE-2025-48911. It is possible to launch the attack on the local host. There is no exploit available.
vuldb.com

CVE-2025-48908 | Huawei HarmonyOS 5.0.0 Ability Auto Startup Service unsynchronized access to shared data in a multithreaded context (EUVD-2025-17063)

Vuldb Updates
2 months 1 week ago
A vulnerability was found in Huawei HarmonyOS 5.0.0. It has been declared as critical. This vulnerability affects unknown code of the component Ability Auto Startup Service. The manipulation leads to unsynchronized access to shared data in a multithreaded context. This vulnerability was named CVE-2025-48908. An attack has to be approached locally. There is no exploit available.
vuldb.com

CVE-2025-4191 | PHPGurukul Employee Record Management System 1.3 /editmyeducation.php coursepg/yophsc sql injection (EUVD-2025-12813)

Vuldb Updates
2 months 1 week ago
A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg/yophsc leads to sql injection. This vulnerability is known as CVE-2025-4191. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.
vuldb.com

CVE-2025-4412 | SparkLabs Viscosity up to 1.11.4 on macOS viscosity_openvpn default permission (EUVD-2025-17060)

Vuldb Updates
2 months 1 week ago
A vulnerability classified as critical has been found in SparkLabs Viscosity up to 1.11.4 on macOS. Affected is an unknown function of the component viscosity_openvpn. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2025-4412. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

PoC Exploit Released for Apache Tomcat DoS Vulnerability

Cyber Security News
2 months 1 week ago

A proof-of-concept exploit targeting a critical denial-of-service vulnerability in Apache Tomcat has been publicly released, exposing servers running versions 10.1.10 through 10.1.39 to potential attacks.  The exploit, designated as CVE-2025-31650, leverages malformed HTTP/2 priority headers to cause memory exhaustion on vulnerable Tomcat instances.  Security researcher Abdualhadi Khalifa developed and published the exploit code on June […]

The post PoC Exploit Released for Apache Tomcat DoS Vulnerability appeared first on Cyber Security News.

Guru Baran

科学家通过脑机接口恢复失明动物视觉功能

Solidot
2 months 1 week ago
复旦大学等团队在《科学》上报告,借助脑机接口等技术,新一代视觉假体不仅使失明动物恢复可见光视力,还可扩展其视觉功能,这为失明患者复明提供了新可能。研究显示,该团队开发出全球首款光谱覆盖范围极广(470-1550nm,从可见光延伸至近红外二区)的视觉假体,该假体无需依赖任何外部设备,即可使失明动物模型恢复可见光视觉能力,还能赋予动物感知红外光,甚至识别红外图案的“超视觉”功能,也就是在黑暗中也能看见事物。在非人灵长类动物(食蟹猴)模型上的实验验证了该假体的有效性。植入半年后,动物模型均未观察到任何不良排异反应,这为后续推进临床应用转化奠定了重要基础。考虑到目前医学伦理的限制,研究暂时不会进入临床试验阶段。

Managed ad