Aggregator

Submit #636627 / VDB-321854

A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been classified as critical. This affects an unknown part of the file /t_dashboard/r_all_info.php. The manipulation of the argument mid leads to sql injection. This vulnerability is documented as CVE-2025-9645. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in itsourcecode Apartment Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Executing manipulation of the argument txtBillType can lead to sql injection. This vulnerability is registered as CVE-2025-9644. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in itsourcecode Apartment Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results in sql injection. This vulnerability is cataloged as CVE-2025-9643. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #636625 / VDB-321853

这些恶意网址和IP都与特定木马程序或木马程序控制端密切关联，网络攻击类型包括建立僵尸网络、后门利用等，对中国国内联网单位和互联网用户构成重大威胁。

该方法借助高分辨率图像实现，这些图像所承载的指令对人眼而言是不可见的，但当通过重采样算法降低图像质量时，指令便会显现出来。

当前环境出现异常，需完成验证后方可继续访问。

当前环境出现异常状态，需完成验证流程后方能恢复访问权限。

Attackers have learned how to trick machine learning malware detectors with small but clever code changes, and researchers say they may finally have an answer. In a new paper, academics from Inria and the CISPA Helmholtz Center for Information Security describe a framework that can withstand these kinds of evasion attempts. Their work focuses on adversarial examples in malware detection, where attackers alter software in ways that preserve its function but confuse the model into … More →

The post New framework aims to outsmart malware evasion tricks appeared first on Help Net Security.

Submit #636506 / VDB-321852

Submit #636372 / VDB-321851

Submit #636371 / VDB-321850

A vulnerability, which was classified as problematic, was found in GE Vernova CIMPLICITY. Affected is an unknown function. Such manipulation leads to uncontrolled search path. This vulnerability is listed as CVE-2025-7719. The attack must be carried out locally. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Mitsubishi Electric MELSEC iQ-F FX5U-32MT-ES, MELSEC iQ-F FX5U-32MT-DS, MELSEC iQ-F FX5U-32MT-ESS, MELSEC iQ-F FX5U-32MT-DSS, MELSEC iQ-F FX5U-64MT-ES, MELSEC iQ-F FX5U-64MT-DS, MELSEC iQ-F FX5U-64MT-ESS, MELSEC iQ-F FX5U-64MT-DSS, MELSEC iQ-F FX5U-80MT-ES, MELSEC iQ-F FX5U-80MT-DS, MELSEC iQ-F FX5U-80MT-ESS, MELSEC iQ-F FX5U-80MT-DSS, MELSEC iQ-F FX5U-32MR-ES, MELSEC iQ-F FX5U-32MR-DS, MELSEC iQ-F FX5U-64MR-ES, MELSEC iQ-F FX5U-64MR-DS, MELSEC iQ-F FX5U-80MR-ES, MELSEC iQ-F FX5U-80MR-DS, MELSEC iQ-F FX5UC-32MT-D, MELSEC iQ-F FX5UC-32MT-DSS, MELSEC iQ-F FX5UC-64MT-D, MELSEC iQ-F FX5UC-64MT-DSS, MELSEC iQ-F FX5UC-96MT-D, MELSEC iQ-F FX5UC-96MT-DSS, MELSEC iQ-F FX5UC-32MT-DS-TS, MELSEC iQ-F FX5UC-32MT-DSS-TS, MELSEC iQ-F FX5UC-32MR-DS-TS, MELSEC iQ-F FX5UJ-24MT-ES, MELSEC iQ-F FX5UJ-24MT-DS, MELSEC iQ-F FX5UJ-24MT-ESS, MELSEC iQ-F FX5UJ-24MT-DSS, MELSEC iQ-F FX5UJ-40MT-ES, MELSEC iQ-F FX5UJ-40MT-DS, MELSEC iQ-F FX5UJ-40MT-ESS, MELSEC iQ-F FX5UJ-40MT-DSS, MELSEC iQ-F FX5UJ-60MT-ES, MELSEC iQ-F FX5UJ-60MT-DS, MELSEC iQ-F FX5UJ-60MT-ESS, MELSEC iQ-F FX5UJ-60MT-DSS, MELSEC iQ-F FX5UJ-24MR-ES, MELSEC iQ-F FX5UJ-24MR-DS, MELSEC iQ-F FX5UJ-40MR-ES, MELSEC iQ-F 'FX5UJ-40MR-DS, MELSEC iQ-F FX5UJ-60MR-ES, MELSEC iQ-F FX5UJ-60MR-DS, MELSEC iQ-F FX5UJ-24MT-ES-A, MELSEC iQ-F FX5UJ-24MR-ES-A, MELSEC iQ-F FX5UJ-40MT-ES-A, MELSEC iQ-F FX5UJ-40MR-ES-A, MELSEC iQ-F FX5UJ-60MT-ES-A, MELSEC iQ-F FX5UJ-60MR-ES-A, MELSEC iQ-F FX5S-30MT-ES, MELSEC iQ-F FX5S-30MT-DS, MELSEC iQ-F FX5S-30MT-ESS, MELSEC iQ-F FX5S-30MT-DSS, MELSEC iQ-F FX5S-40MT-ES, MELSEC iQ-F FX5S-40MT-DS, MELSEC iQ-F FX5S-40MT-ESS, MELSEC iQ-F FX5S-40MT-DSS, MELSEC iQ-F FX5S-60MT-ES, MELSEC iQ-F FX5S-60MT-DS, MELSEC iQ-F FX5S-60MT-ESS, MELSEC iQ-F FX5S-60MT-DSS, MELSEC iQ-F FX5S-80MT-ES, MELSEC iQ-F FX5S-80MT-DS, MELSEC iQ-F FX5S-80MT-ESS, MELSEC iQ-F FX5S-80MT-DSS, MELSEC iQ-F FX5S-30MR-ES, MELSEC iQ-F FX5S-30MR-DS, MELSEC iQ-F FX5S-40MR-ES, MELSEC iQ-F FX5S-40MR-DS, MELSEC iQ-F FX5S-60MR-ES, MELSEC iQ-F FX5S-60MR-DS, MELSEC iQ-F FX5S-80MR-ES and MELSEC iQ-F FX5S-80MR-DS. This impacts an unknown function of the component Modbus TCP. This manipulation causes missing authentication. This vulnerability is tracked as CVE-2025-7405. The attack is possible to be carried out remotely. No exploit exists. It is advisable to implement restrictive firewalling.

A vulnerability classified as problematic was found in Mitsubishi Electric MELSEC iQ-F FX5U-32MT-ES, MELSEC iQ-F FX5U-32MT-DS, MELSEC iQ-F FX5U-32MT-ESS, MELSEC iQ-F FX5U-32MT-DSS, MELSEC iQ-F FX5U-64MT-ES, MELSEC iQ-F FX5U-64MT-DS, MELSEC iQ-F FX5U-64MT-ESS, MELSEC iQ-F FX5U-64MT-DSS, MELSEC iQ-F FX5U-80MT-ES, MELSEC iQ-F FX5U-80MT-DS, MELSEC iQ-F FX5U-80MT-ESS, MELSEC iQ-F FX5U-80MT-DSS, MELSEC iQ-F FX5U-32MR-ES, MELSEC iQ-F FX5U-32MR-DS, MELSEC iQ-F FX5U-64MR-ES, MELSEC iQ-F FX5U-64MR-DS, MELSEC iQ-F FX5U-80MR-ES, MELSEC iQ-F FX5U-80MR-DS, MELSEC iQ-F FX5UC-32MT-D, MELSEC iQ-F FX5UC-32MT-DSS, MELSEC iQ-F FX5UC-64MT-D, MELSEC iQ-F FX5UC-64MT-DSS, MELSEC iQ-F FX5UC-96MT-D, MELSEC iQ-F FX5UC-96MT-DSS, MELSEC iQ-F FX5UC-32MT-DS-TS, MELSEC iQ-F FX5UC-32MT-DSS-TS, MELSEC iQ-F FX5UC-32MR-DS-TS, MELSEC iQ-F FX5UJ-24MT-ES, MELSEC iQ-F FX5UJ-24MT-DS, MELSEC iQ-F FX5UJ-24MT-ESS, MELSEC iQ-F FX5UJ-24MT-DSS, MELSEC iQ-F FX5UJ-40MT-ES, MELSEC iQ-F FX5UJ-40MT-DS, MELSEC iQ-F FX5UJ-40MT-ESS, MELSEC iQ-F FX5UJ-40MT-DSS, MELSEC iQ-F FX5UJ-60MT-ES, MELSEC iQ-F FX5UJ-60MT-DS, MELSEC iQ-F FX5UJ-60MT-ESS, MELSEC iQ-F FX5UJ-60MT-DSS, MELSEC iQ-F FX5UJ-24MR-ES, MELSEC iQ-F FX5UJ-24MR-DS, MELSEC iQ-F FX5UJ-40MR-ES, MELSEC iQ-F FX5UJ-40MR-DS, MELSEC iQ-F FX5UJ-60MR-ES, MELSEC iQ-F FX5UJ-60MR-DS, MELSEC iQ-F FX5UJ-24MT-ES-A, MELSEC iQ-F FX5UJ-24MR-ES-A, MELSEC iQ-F FX5UJ-40MT-ES-A, MELSEC iQ-F FX5UJ-40MR-ES-A, MELSEC iQ-F FX5UJ-60MT-ES-A, MELSEC iQ-F FX5UJ-60MR-ES-A, MELSEC iQ-F FX5S-30MT-ES, MELSEC iQ-F FX5S-30MT-DS, MELSEC iQ-F FX5S-30MT-ESS, MELSEC iQ-F FX5S-30MT-DSS, MELSEC iQ-F FX5S-40MT-ES, MELSEC iQ-F FX5S-40MT-DS, MELSEC iQ-F FX5S-40MT-ESS, MELSEC iQ-F FX5S-40MT-DSS, MELSEC iQ-F FX5S-60MT-ES, MELSEC iQ-F FX5S-60MT-DS, MELSEC iQ-F FX5S-60MT-ESS, MELSEC iQ-F FX5S-60MT-DSS, MELSEC iQ-F FX5S-80MT-ES, MELSEC iQ-F FX5S-80MT-DS, MELSEC iQ-F FX5S-80MT-ESS, MELSEC iQ-F FX5S-80MT-DSS, MELSEC iQ-F FX5S-30MR-ES, MELSEC iQ-F FX5S-30MR-DS, MELSEC iQ-F FX5S-40MR-ES, MELSEC iQ-F FX5S-40MR-DS, MELSEC iQ-F FX5S-60MR-ES, MELSEC iQ-F FX5S-60MR-DS, MELSEC iQ-F FX5S-80MR-ES and MELSEC iQ-F FX5S-80MR-DS 3.1/7.5. This affects an unknown function of the component SLMP Messages Handler. The manipulation results in cleartext transmission of sensitive information. This vulnerability is identified as CVE-2025-7731. The attack can be executed remotely. There is not any exploit available. Applying restrictive firewalling is recommended.

A sophisticated phishing campaign has been identified, where threat actors impersonate IT helpdesk personnel through Teams’ external communication features, exploiting the platform’s default configuration to bypass traditional email security measures and gain unauthorized screen-sharing and remote-control capabilities. The attacks leverage Teams’ external collaboration features, which are enabled by default in Microsoft 365 tenants, allowing attackers […]

The post Hackers Exploit Microsoft Teams, Posing as IT Help Desk for Screen Sharing and Remote Access appeared first on Cyber Security News.

A vulnerability classified as critical has been found in Slider Revolution Plugin up to 6.7.36 on WordPress. The impacted element is an unknown function. The manipulation of the argument used_svg/used_images leads to path traversal. This vulnerability is referenced as CVE-2025-9217. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability described as critical has been identified in Booster for WooCommerce Plugin up to 7.2.4 on WordPress. The affected element is the function add_files_to_order of the component Double Extension Handler. Executing manipulation can lead to unrestricted upload. The identification of this vulnerability is CVE-2024-13342. The attack may be launched remotely. There is no exploit available.

A vulnerability marked as critical has been reported in Apple macOS up to 15.1. Impacted is an unknown function of the component File Handler. Performing manipulation results in memory corruption. This vulnerability was named CVE-2024-54568. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.