Aggregator

零配置快速搭建软件开发与逆向分析环境

零配置快速搭建软件开发与逆向分析环境

A vulnerability, which was classified as critical, was found in PCMan FTP Server up to 2.0.7. Affected is an unknown function of the component RENAME Command Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2025-4079. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in Wangshen SecGate 3600 2400. This issue affects some unknown processing of the file ?g=log_export_file. The manipulation of the argument file_name leads to path traversal. The identification of this vulnerability is CVE-2025-4078. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects School Billing System 1.0. This vulnerability affects the function searchrec. The manipulation of the argument Name leads to stack-based buffer overflow. This vulnerability was named CVE-2025-4077. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.

Submit #560558 / VDB-306517

There must be a fundamental shift in strategy for B2B leaders, one that places artificial intelligence (AI) threat detection at the core of cyberdefense. 

The post Why B2B Leaders Must Rethink Cybersecurity Strategies With AI at the Core appeared first on Security Boulevard.

Submit #560541 / VDB-306516

Submit #560540 / VDB-306515

Submit #560534 / VDB-306514

近日看到几张网络安全在线培训的截图，扯个闲淡。授课，不是单纯地说技术水平高就可以。技术水平在这件事里，可能是排到最后面的。

近日看到几张网络安全在线培训的截图，扯个闲淡。授课，不是单纯地说技术水平高就可以。技术水平在这件事里，可能是排到最后面的。

A vulnerability classified as critical has been found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function easy_uci_set_option_string_0 of the file /cgi-bin/lighttpd.cgi of the component Password Handler. The manipulation of the argument routepwd leads to command injection. This vulnerability is uniquely identified as CVE-2025-4076. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in VMSMan up to 20250416. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Email with the input "><script>alert(1)</script> leads to cross site scripting. This vulnerability is handled as CVE-2025-4075. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #560232 / VDB-306513

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/pass-bwdates-report.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is known as CVE-2025-4074. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #560212 / VDB-306512

A vulnerability was found in PHPGurukul Student Record System 3.20. It has been classified as critical. Affected is an unknown function of the file /change-password.php. The manipulation of the argument currentpassword leads to sql injection. This vulnerability is traded as CVE-2025-4073. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-nurse.php. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-4072. The attack may be initiated remotely. Furthermore, there is an exploit available. Multiple parameters might be affected.