Aggregator

A vulnerability has been found in elunez eladmin up to 2.7 and classified as problematic. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STR_PARAM with the input Passw0rd leads to inadequate encryption strength. This vulnerability is documented as CVE-2025-9239. The attack can be initiated remotely. There is not any exploit available.

Submit #634313 / VDB-199683

Submit #631473 / VDB-320774

Submit #631424 / VDB-320773

Submit #631393 / VDB-320772

A vulnerability, which was classified as critical, was found in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the argument email can lead to sql injection. This vulnerability is registered as CVE-2025-9238. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. This vulnerability is cataloged as CVE-2025-9237. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

本文介绍了http2指纹实现的一些构想，用于代理检测

关键词网络中断当地时间周一，马斯克旗下的星链（Starlink）卫星互联网服务发生短暂中断，影响遍及全球。

关键词数据泄露8月19日，网络安全研究员发现数百个TeslaMate安装程序存在安全漏洞，导致敏感的特斯拉车辆

关键词黑客8 月 19 日，有外媒报道称，谷歌正式确认其数据库遭到黑客攻击，约 25 亿 Gmail 用户的信

Брешь в Ollama позволяет читать ваши чаты с ИИ и подсовывать "отравленные" модели.

A vulnerability classified as critical was found in Portabilis i-Diario up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_usuario_lst.php of the component Tipos de usàrio Page. Such manipulation of the argument nm_tipo leads to sql injection. This vulnerability is listed as CVE-2025-9236. The attack may be performed from a remote location. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #631142 / VDB-320771

Блэкджек с киберпреступниками обернулся катастрофой для IT-систем.

The Amazon Q Developer VS Code Extension (Amazon Q) is a very popular coding agent, with over 1 million downloads. In previous posts we showed how prompt injection vulnerabilities in Amazon Q could lead to: Exfiltration of sensitive information from the user’s machine , and also to a System compromise by running arbitrary code Today we will show how an attack can leverage invisible Unicode Tag characters that humans cannot see.

Trend Micro highlighted a sophisticated post-compromise attack chain to deploy the Warlock ransomware in unpatched SharePoint on-prem environments

Submit #631136 / VDB-320770

A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compound_events.shtm. This manipulation of the argument Name causes cross site scripting. This vulnerability is tracked as CVE-2025-9235. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability described as problematic has been identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenance_events.shtm. The manipulation of the argument Alias results in cross site scripting. This vulnerability is identified as CVE-2025-9234. The attack can be executed remotely. Additionally, an exploit exists.