Aggregator

A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. This vulnerability is known as CVE-2025-2581. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Toncoin项目宣称投资者质押10万美元TON代币并支付3.5万美元手续费可获阿联酋10年黄金签证。Telegram创始人杜罗夫转发宣传。阿联酋官方否认与该项目关联，强调数字资产投资受法规管辖，提醒投资者防范诈骗。

独特的“谁开发，谁负责”警报处理模式以及将安全视为软件工程的理念

Check Point has discovered over 1000 suspicious domains registered in the run-up to Amazon Prime Day

欧盟新规要求标明电池额定充电次数，三星手机电池表现最佳，通常可达2000次；Google Pixel和Fairphone等品牌多为1000-1400次；苹果iPhone 16系列为1000次。

欧盟的新能效标签要求厂商标明电池的额定充电次数。那么根据充电次数，今天哪些手机品牌的电池更耐用？数据显示， 三星手机电池遥遥领先。Google Pixel 系列手机电池充电次数基本上是一千次；三星基本上是 2000 次（少数几款 1200 次）；Fairphone 5 1200 次，Fairphone 6 降至 1000 次；摩托罗拉 Edge 50 系列为 1200 次，G55 800 次，其它型号基本上是 1000 次；Nothing 系列手机为 1400 次；OnePlus OnePlus 13R 1200 次，OnePlus 13 1000 次；索尼 Xperia 1 VII 为 1400 次，苹果 iPhone 16 系列都是 1000 次。

БРИКС готовит «коммуналку» за ИИ.

文章介绍了两款红队工具dddd-rust和dddd-red的功能与优势。dddd-rust用于快速资产扫描与漏洞打点，而dddd-red则提供一体化的漏洞扫描、资产管理与远程控制功能。这两款工具适用于SRC挖洞、红队打点及众测项目等场景，并提供限时优惠购买选项。

日本JPCERT/CC 2025年第一季度报告指出网络攻击激增，钓鱼攻击占87%，网站入侵增长75%，供应链漏洞被利用。显示网络威胁日益复杂化和精准化，需加强防御措施。

文章讨论了单点登录（SSO）和多因素认证（MFA）在企业安全中的重要性，并指出这些工具通常昂贵且复杂。Cubeless推出免费、简化的SSO和MFA解决方案。此外，文章还探讨了AI代理对身份基础设施的需求及传统安全模型的不足，并介绍了相关技术的发展与解决方案。

A vulnerability has been found in SUR-FBD CMMS up to 2025.03.26 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component DLL File. The manipulation leads to use of hard-coded password. This vulnerability is known as CVE-2025-3920. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5. Affected is an unknown function of the file quantity_upd.php. The manipulation of the argument med_name/med_cat/ex_date leads to sql injection. This vulnerability is traded as CVE-2025-7200. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

“Безопасный счёт” стал приговором.

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

当前环境异常，请完成验证后继续访问。

A vulnerability, which was classified as critical, has been found in code-projects Library System 1.0. This issue affects some unknown processing of the file /notapprove.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-7199. The attack may be initiated remotely. Furthermore, there is an exploit available.

Two critical vulnerabilities in ScriptCase’s Production Environment module can be chained together to achieve pre-authenticated remote command execution on affected servers.  The vulnerabilities, tracked as CVE-2025-47227 and CVE-2025-47228, affect version 1.0.003-build-2 of the Production Environment module included in ScriptCase version 9.12.006 (23), with previous versions likely vulnerable as well. Key Takeaways1. Two severe CVE-tracked flaws […]

The post ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access appeared first on Cyber Security News.

Submit #607526 / VDB-315138

A vulnerability classified as critical was found in code-projects Jonnys Liquor 1.0. This vulnerability affects unknown code of the file /admin/admin-area.php. The manipulation of the argument drink leads to sql injection. This vulnerability was named CVE-2025-7198. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7197. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.