Aggregator

A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg/yophsc leads to sql injection. This vulnerability is known as CVE-2025-4191. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability classified as critical has been found in SparkLabs Viscosity up to 1.11.4 on macOS. Affected is an unknown function of the component viscosity_openvpn. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2025-4412. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A proof-of-concept exploit targeting a critical denial-of-service vulnerability in Apache Tomcat has been publicly released, exposing servers running versions 10.1.10 through 10.1.39 to potential attacks.  The exploit, designated as CVE-2025-31650, leverages malformed HTTP/2 priority headers to cause memory exhaustion on vulnerable Tomcat instances.  Security researcher Abdualhadi Khalifa developed and published the exploit code on June […]

The post PoC Exploit Released for Apache Tomcat DoS Vulnerability appeared first on Cyber Security News.

复旦大学等团队在《科学》上报告，借助脑机接口等技术，新一代视觉假体不仅使失明动物恢复可见光视力，还可扩展其视觉功能，这为失明患者复明提供了新可能。研究显示，该团队开发出全球首款光谱覆盖范围极广（470-1550nm，从可见光延伸至近红外二区）的视觉假体，该假体无需依赖任何外部设备，即可使失明动物模型恢复可见光视觉能力，还能赋予动物感知红外光，甚至识别红外图案的“超视觉”功能，也就是在黑暗中也能看见事物。在非人灵长类动物（食蟹猴）模型上的实验验证了该假体的有效性。植入半年后，动物模型均未观察到任何不良排异反应，这为后续推进临床应用转化奠定了重要基础。考虑到目前医学伦理的限制，研究暂时不会进入临床试验阶段。

A vulnerability classified as very critical has been found in B. Braun OnlineSuite 3.0. This affects an unknown part. The manipulation leads to relative path traversal. This vulnerability is uniquely identified as CVE-2025-3365. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in B. Braun OnlineSuite 3.0. It has been rated as very critical. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of special elements used in an expression language statement. This vulnerability is handled as CVE-2025-3322. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-5799. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-5798. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Cisco Talos has uncovered a sophisticated and destructive cyberattack targeting a critical infrastructure entity in Ukraine, deploying a previously unknown wiper malware dubbed “PathWiper.” This attack, attributed with high confidence to a Russia-nexus advanced persistent threat (APT) actor, showcases the persistent and evolving threat to Ukrainian critical infrastructure amid the ongoing Russia-Ukraine conflict. The attackers […]

The post New pathWiper Malware Targets Critical Infrastructure to Deploy Admin Tools appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in Laundry Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The identification of this vulnerability is CVE-2025-5797. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. This vulnerability was named CVE-2025-5796. The attack can be initiated remotely. Furthermore, there is an exploit available.

A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. "The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across

Submit #591270 / VDB-311353

Submit #591266 / VDB-311352

A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-5795. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Tenda AC5 15.03.06.47. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. This vulnerability is handled as CVE-2025-5794. The attack may be launched remotely. Furthermore, there is an exploit available.

决战AI智体

作者：知道创宇404高级威胁情报团队 时间：2025年6月6日 1. 背景 1.1 组织介绍 海莲花（OceanLotus），又称 APT32，是一个具有国家背景的高级持续性威胁（APT）组织，该组织自2012年起活跃，主要针对东亚及东南亚地区的政府机构、企业、媒体和活动家等，近年来，多次针对国内重点单位展开攻击活动。该组织攻击手法多样，拥有大量自研武器，常在攻击活动不同阶段结合开源工具达成...

A vulnerability classified as critical was found in B. Braun OnlineSuite 3.0. Affected by this vulnerability is an unknown functionality. The manipulation leads to hard-coded credentials. This vulnerability is known as CVE-2025-3321. Local access is required to approach this attack. There is no exploit available.

A vulnerability classified as critical has been found in Huawei HarmonyOS 5.0.0. Affected is an unknown function of the component IPC Module. The manipulation leads to uncaught exception. This vulnerability is traded as CVE-2025-48907. An attack has to be approached locally. There is no exploit available.