Aggregator

A vulnerability labeled as problematic has been found in Payload CMS up to 3.43.x. This affects an unknown part of the component JSON Web Token Handler. Such manipulation leads to session expiration. This vulnerability is traded as CVE-2025-4643. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

Submit #638074 / VDB-321888

Submit #638073 / VDB-321887

良品铺子在一则广告中描述了在树上结果的花生。花生是一种地上开花、地下结果的作物。但 AI 作图更多是一种模式匹配，显然不会考虑常识。良品铺子在一则声明中表示，由于工作疏忽，在电商平台商品详情页中错误使用了由 AI 生成的图片素材，从而引发了不必要的误解和讨论。“对此，向所有关心和支持我们的朋友致以诚挚的歉意。发现问题后，良品铺子立即对相关页面进行了更新修正，并已启动对所有产品宣传材料的全面科学性核查。同时，良品铺子正在进一步升级内容审核机制，优化内部管理流程，以确保今后每一项内容的输出都更加严谨、可靠。”

这是有史以来恶意软件胁迫AI助手CLI协助侦查的首个案例。

A vulnerability identified as problematic has been detected in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. This vulnerability appears as CVE-2025-9674. The attack requires local access. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as problematic has been discovered in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. This vulnerability is reported as CVE-2025-9673. The attack requires a local approach. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Rejseplanen App up to 8.2.2. It has been rated as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulation leads to improper export of android application components. This vulnerability is documented as CVE-2025-9672. The attack needs to be performed locally. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in UAB Paytend App up to 2.1.9 on Android. It has been declared as problematic. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. This vulnerability is registered as CVE-2025-9671. The attack needs to be launched locally. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #638068 / VDB-321884

Submit #637925 / VDB-321883

Submit #637924 / VDB-321882

如何高效对齐数据而不泄露任何隐私

Submit #637922 / VDB-321881

A vulnerability was found in mixmark-io turndown up to 7.2.1. It has been classified as problematic. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. This vulnerability is cataloged as CVE-2025-9670. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

速修复

速修复

银狐木马新变种利用GAC特性劫持系统，360安全智能体实现自动阻断