Aggregator

A vulnerability identified as critical has been detected in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-10948. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing manipulation of the argument pes_cpf can lead to authorization bypass. This vulnerability is handled as CVE-2025-10947. The attack can be executed remotely. Additionally, an exploit exists. It is advisable to upgrade the affected component.

Submit #652402 / VDB-325819

VAST x《蛋仔派对》，能否诞生 3D 创作的「剪映」时刻？

Submit #652387 / VDB-325818

A vulnerability was found in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. It has been rated as problematic. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. This vulnerability is known as CVE-2025-10946. Remote exploitation of the attack is possible. No exploit is available. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.

A vulnerability was found in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. It has been declared as problematic. Impacted is an unknown function of the file d.php. Such manipulation of the argument hm leads to cross site scripting. This vulnerability is traded as CVE-2025-10945. The attack may be launched remotely. There is no exploit available. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

Submit #652282 / VDB-325817

Critical vulnerabilities discovered in Supermicro Baseboard Management Controller (BMC) firmware have exposed a troubling pattern where inadequate security fixes create new attack vectors, allowing sophisticated adversaries to bypass signature verification mechanisms and maintain persistent control over enterprise server infrastructure. These flaws, affecting multiple generations of Supermicro motherboards, demonstrate how design weaknesses in firmware validation processes […]

The post BMC Firmware Vulnerabilities Allow Attackers to Bypass Signature Verification Features appeared first on Cyber Security News.

Distributed denial-of-service (DDoS) attacks remain one of the most common and disruptive forms of cybercrime. Defenders have traditionally focused on detecting these attacks once they are underway. New research suggests that predicting DDoS attacks in advance may be possible, giving security teams a head start in planning their defenses. A new study outlines an approach to forecasting DDoS activity using deep learning. The researchers from Universiti Malaya and Universiti Teknikal Malaysia Melaka analyzed 192,525 DDoS … More →

The post Predicting DDoS attacks: How deep learning could give defenders an early warning appeared first on Help Net Security.

Подписи, филиальная структура, сводные и сопроводительные реестры, домены в адресной книге и многое другое.

三菱電機株式会社が提供するMELSEC-QシリーズCPUユニットには、ユーザ認証機能が有効になっている場合に、サービス運用妨害（DoS）の脆弱性が存在します。

A vulnerability was found in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. It has been classified as problematic. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes cross site scripting. This vulnerability appears as CVE-2025-10944. The attack may be initiated remotely. There is no available exploit. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #651887 / VDB-325816

Submit #651886 / VDB-325815

A vulnerability was found in MikeCen WeChat-Face-Recognition up to 6e3f72bf8547d80b59e330f1137e4aa505f492c1 and classified as problematic. This vulnerability affects the function valid of the file wx.php. The manipulation of the argument echostr results in cross site scripting. This vulnerability is reported as CVE-2025-10943. The attack can be launched remotely. No exploit exists. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #651884 / VDB-325814

A vulnerability has been found in H3C Magic B3 up to 100R002 and classified as critical. This affects the function AddMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. This vulnerability is documented as CVE-2025-10942. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #651882 / VDB-325813

A vulnerability, which was classified as critical, was found in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. This vulnerability is registered as CVE-2025-10941. The attack needs to be launched locally. No exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.