Aggregator

A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The identification of this vulnerability is CVE-2025-5108. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in OpenEMR up to 7.0.3.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument First Name/Last Name leads to cross site scripting. This vulnerability is handled as CVE-2025-32794. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenEMR up to 7.0.3.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to insufficient logging. This vulnerability is handled as CVE-2025-32967. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenEMR. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-43860. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in TeleMessage Service up to 2025-05-05. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component JSP Application. The manipulation leads to exposure of core dump file to an unauthorized control sphere. This vulnerability is known as CVE-2025-48928. Attacking locally is a requirement. Furthermore, there is an exploit available. This product is available as a managed service. Users are not able to maintain vulnerability countermeasures themselves.

A vulnerability was found in TeleMessage Service up to 2025-05-05. It has been classified as problematic. This affects an unknown part of the file /heapdump of the component Spring Boot Actuator. The manipulation leads to insecure default initialization of resource. This vulnerability is uniquely identified as CVE-2025-48927. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is a managed service. This means that users are not able to maintain vulnerability countermeasures themselves.

A vulnerability was found in ARTEC EMA Mail 6.92. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-46611. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in ETHER FCGI up to 0.82 on Perl and classified as problematic. Affected by this issue is the function ReadParams of the file fcgiapp.c. The manipulation of the argument nameLen/valueLen leads to dependency on vulnerable third-party component. This vulnerability is handled as CVE-2025-40907. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apache IoTDB up to 1.3.3. Affected by this issue is some unknown functionality of the component URI Handler. The manipulation leads to code injection. This vulnerability is handled as CVE-2024-24780. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

HydraSDR 是一款基于 Airspy R2 设计的即将发布的软件定义无线电设备，在 PCB 布局、RF 前端和散热管理方面有所改进，并采用 USB-C 接口和更好的屏蔽效果。尽管设计相似且兼容 Airspy 软件，但 HydraSDR 在灵敏度和屏蔽性能上略胜一筹。然而，在 HDR 模式下 Airspy 表现更优。两者售价分别为 189 美元和 169 美元。此外，HydraSDR 和 Airspy 之间存在知识产权纠纷。

«Проверенные» расширения IDE научились взламывать систему.

A critical security flaw in the popular Forminator WordPress plugin has put more than 600,000 websites worldwide at risk of remote takeover, according to recent disclosures from security firm Wordfence and independent researchers.  The vulnerability, tracked as CVE-2025-6463 and rated 8.8 (High) on the CVSS scale, allows unauthenticated attackers to delete arbitrary files from affected servers—potentially leading to full site compromise. […]

The post Over 600K WordPress Sites at Risk Due to Critical Plugin Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability has been found in QUALITIA Active mail up to 6.60.060085 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2025-52463. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in QUALITIA Active mail up to 6.60.060085. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-52462. It is possible to launch the attack remotely. There is no exploit available.

人工智能公司 Anthropic 的 MCP 检查器项目被发现存在高危漏洞，攻击者可利用该漏洞远程执行任意代码并完全控制主机。漏洞源于默认启用的无验证 HTTP 服务器监听 6277 端口。修复版本已发布，请开发者及时更新以避免风险。

Exabeam announced a major expansion of its integrated multi-agent AI system Exabeam Nova that now equips security leaders with a real-time strategic planning engine and boardroom communication tool. The Exabeam Nova Advisor Agent is the AI capability designed to turn security data into a strategy that CISOs can defend in the boardroom. Translating complex security metrics into business-relevant terms has been a long-standing challenge, making it difficult to demonstrate risk reduction, prove the value of … More →

The post Exabeam Nova Advisor Agent equips security leaders with a real-time strategic planning engine appeared first on Help Net Security.

这篇文章介绍了HackerNoon平台上的多篇文章摘要，涵盖技术趋势、AI应用、区块链创新、云安全、数据工程等领域，并提到了HackerNoon与Sia Foundation的合作项目。

Scamnetic releaseed KnowScam 2.0, its flagship product for scam protection and digital identity verification. KnowScam 2.0 builds on everything users already trust — now with major upgrades, including an enhanced three-point scoring system, the new Auto Scan feature for Microsoft Outlook and Android RCS, and a new deepfake detection and ID verification feature in IDeveryone for instant identification. “KnowScam 2.0 marks a major leap forward in proactive scam protection by combining broader platform coverage, automated … More →

The post Scamnetic KnowScam 2.0 helps consumers detect every type of scam appeared first on Help Net Security.

研究人员开发了一种名为RisingAttacK的新技术，能够通过最小的图像修改有效操纵所有广泛使用的人工智能计算机视觉系统，使其看到不同的内容。

研究人员展示了一种攻击人工智能计算机视觉系统的新方法，使其能够控制人工智能“看到”的内容 。研究表明，这种名为 RisingAttacK 的新技术能有效操纵所有最广泛使用的人工智能计算机视觉系统 。RisingAttacK 由一系列操作组成，目标是对图像进行最少的更改，从而允许用户操纵视觉 AI“看到”的内容 。首先，RisingAttacK 识别图像中的所有视觉特征 。该程序还运行一个操作，以确定哪些特征对于实现攻击目标最重要。RisingAttacK 随后计算人工智能系统对数据变化的敏感度，并确定人工智能对关键特征数据变化的敏感度 。研究人员称，“最终结果是，两张图片在人眼看来可能一模一样，我们可能清楚地看到两张图片中都有一辆车。但由于 RisingAttacK，人工智能会在第一张图片中看到一辆车，但在第二张图片中却看不到一辆车” 。研究人员针对四种最常用的视觉人工智能程序：ResNet-50、DenseNet-121、ViTB 和 DEiT-B 对 RisingAttacK 进行了测试 。该技术对所有四种程序都有效 。