Aggregator

Submit #556614 / VDB-305778

A vulnerability, which was classified as problematic, has been found in Froala Editor 4.1.1. This issue affects some unknown processing of the component Insert Image. The manipulation of the argument Insert link leads to cross site scripting. The identification of this vulnerability is CVE-2023-42426. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in GStreamer and classified as critical. This issue affects some unknown processing of the component Parsing. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2023-40476. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

The AI security race is on — and it will be won where defenders come together with developers and researchers to do things right.

火星上是否存在过生命我们暂时还不得而知，但今天的火星显然不太适合生命生存。然而根据发表在《IMA Fungus》期刊上的一项研究，能在地球极端恶劣环境中生存的地衣或能在火星上生存。地衣是一种共生体，即两个物种之间存在相互合作的关系。地衣由真菌和能进行光合作用的藻类组成。研究人员在模拟火星的环境以及强电离辐射下测试了地衣物种 Diploschistes muscorum 和 Cetrarea aculeata。结果显示地衣的新陈代谢仍然活跃，太阳耀斑产生的 X 射线不太可能影响其潜在宜居性。研究人员表示需要对其进行进一步的研究以了解如何减轻辐射损伤。

A vulnerability was found in songquanpeng one-api up to 0.6.10. It has been classified as problematic. This affects an unknown part of the component System Setting Handler. The manipulation of the argument Homepage Content/About System/Footer leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-3801. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This issue affects some unknown processing of the component API. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-3850. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in YXJ2018 SpringBoot-Vue-OnlineExam 1.0. This vulnerability affects unknown code of the file /api/studentPWD. The manipulation of the argument studentId leads to unverified password change. This vulnerability was named CVE-2025-3849. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #556413 / VDB-305655

Submit #556412 / VDB-305655

Submit #556370 / VDB-305777

Submit #556285 / VDB-305777

Submit #556284 / VDB-305777

Submit #556283 / VDB-305776

A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. This vulnerability is uniquely identified as CVE-2025-3847. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in markparticle WebServer up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file code/http/httprequest.cpp of the component Registration. The manipulation of the argument username/password leads to sql injection. This vulnerability is handled as CVE-2025-3846. The attack may be launched remotely. Furthermore, there is an exploit available.