Aggregator

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The identification of this vulnerability is CVE-2025-2710. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. This vulnerability is traded as CVE-2025-2711. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this issue is some unknown functionality of the file /app-api/infra/file/upload of the component Front-End Store Interface. The manipulation of the argument path leads to path traversal. This vulnerability is handled as CVE-2025-2707. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in zhijiantianya ruoyi-vue-pro 2.4.1. This affects an unknown part of the file /admin-api/infra/file/upload of the component Backend File Upload Interface. The manipulation of the argument path leads to path traversal. This vulnerability is uniquely identified as CVE-2025-2708. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. This vulnerability is traded as CVE-2025-2622. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in redoxOS relibc. This vulnerability affects the function round_up_to_page. The manipulation leads to denial of service. This vulnerability was named CVE-2024-57492. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025. The coordinated effort "aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it

FaunaDB 是一种组合关系和文档功能的无服务器数据库，数据存储在 JSON 文档中，保留了一致性、联结和外键支持等关系功能。开发该数据库的创业公司 Fauna 因资金链中断而宣布于 5 月底倒闭，该公司计划开源 FaunaDB 的核心技术，希望开源社区能延续其遗产。Fauna 创业公司曾在 2020 年筹集到 2500 万美元的风投，上周宣布终止服务。除了发布数据库开源版本外，查询语言 FQL 也将公开。

这篇论文综述了网络流量分类的技术、数据集及面临的挑战。

这篇论文综述了网络流量分类的技术、数据集及面临的挑战。

这篇论文综述了网络流量分类的技术、数据集及面临的挑战。

这篇论文综述了网络流量分类的技术、数据集及面临的挑战。

这篇论文综述了网络流量分类的技术、数据集及面临的挑战。

这篇论文综述了网络流量分类的技术、数据集及面临的挑战。

新Windows零日漏洞泄露NTLM哈希值，允许远程攻击者通过恶意文件窃取凭据，影响所有Windows版本。

Почему новая версия ядра оказалась одной из самых интересных.

The FBI Denver Field Office has sounded the alarm about a burgeoning scam involving purportedly free online document converter tools. This scam, which has gained traction globally, sees cybercriminals harnessing these tools to spread malware, leading to severe consequences such as ransomware attacks. The FBI is urging the public to remain vigilant and report any […]

The post FBI Warns Against Using Unsafe File Converter Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Уязвимости GRUB позволяют атаковать ещё до запуска системы.

微软表示，他们将很快在VSMarketplace GitHub存储库中发布有关该扩展和任何检测到的恶意活动的更多细节。

lashpoint 的最新情报报告清晰地揭示了持续升级的网络威胁态势，着重指出了泄露凭证和恶意软件感染数量惊人