Aggregator

На фоне проблем с СМС Telegram внедрил поддержку ключей доступа Passkey.

A vulnerability labeled as critical has been found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id results in sql injection. This vulnerability is cataloged as CVE-2025-14259. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation of the argument sub leads to sql injection. This vulnerability is listed as CVE-2025-14258. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability categorized as critical has been discovered in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /newrecord.php. Executing manipulation of the argument ID can lead to sql injection. This vulnerability is tracked as CVE-2025-14257. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in itsourcecode Student Management System 1.0. It has been rated as critical. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-14256. The attack can be initiated remotely. Additionally, an exploit exists.

It’s hard to believe that we’re in December of 2025 already and the end of the year is fast approaching. Looking back on the year, there are two major items that really stand out in my mind. First, there is the large number of Microsoft products that have come to EOL/EOS near the end of this year. It seemed there was always a reason their products would get official extended support at the last minute, … More →

The post December 2025 Patch Tuesday forecast: And it’s a wrap appeared first on Help Net Security.

Submit #702613 / VDB-334765

A vulnerability was found in ORICO CD3510 1.9.12. It has been classified as critical. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. This vulnerability is documented as CVE-2025-14220. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in SourceCodester Online Banking System 1.0. It has been declared as problematic. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. This vulnerability is reported as CVE-2025-14221. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in MyBB 1.8.38. It has been classified as problematic. The affected element is an unknown function of the file install\index.php. This manipulation of the argument Website Name causes cross site scripting. This vulnerability is tracked as CVE-2024-52702. The attack is possible to be carried out remotely. No exploit exists.

非洲企鹅每年都会换羽，脱落磨损的旧羽毛换上新羽毛，以保持羽毛的保暖和防水性能。换羽期间企鹅生活在陆地上三周无法捕猎，因此演化出储存脂肪的机制，利用自身脂肪度过换羽禁食期。换羽之后它需要迅速捕捉食物以恢复体能。如果换羽前后没有找到足够的食物，它们会难以生存。南非研究人员报告，在 2004-2011 年间南非西部沿海的沙丁鱼储量低于其峰值的四分之一（主要原因是过度捕捞），可能导致企鹅因为食物严重短缺而大规模死亡，期间估计有 6.2 万只企鹅死亡。非洲企鹅在 2024 年被列为极度濒危物种。研究人员称其它地区的企鹅种群数量也出现了大规模锐减。过去 30 年企鹅全球种群数量下降了近 80%。

Submit #702619 / VDB-334764

Submit #702487 / VDB-334763

Submit #702484 / VDB-334762

A vulnerability categorized as critical has been discovered in phpipam 1.4. Affected is an unknown function of the file app/admin/custom-fields/order.php. Executing manipulation of the argument table as part of Parameter can lead to sql injection. This vulnerability appears as CVE-2019-16693. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in OpenRepeater up to 2.1. Affected by this issue is some unknown functionality of the file functions/ajax_system.php. The manipulation of the argument post_service leads to os command injection. This vulnerability is documented as CVE-2019-25024. The attack requires being on the local network. Additionally, an exploit exists. It is advisable to upgrade the affected component.

CISA and global partners issue new guidance for secure AI integration in operational technology, highlighting risks, governance, behavioral analytics, and OT safety.

The post CISA Releases New AI-in-OT Security Guidance: Key Principles & Risks appeared first on Security Boulevard.

Enterprises are rushing to deploy agentic systems that plan, use tools, and make decisions with less human guidance than earlier AI models. This new class of systems also brings new kinds of risk that appear in the interactions between models, tools, data sources, and memory stores. A research team from NVIDIA and Lakera AI has released a safety and security framework that tries to map these risks and measure them inside real workflows. The work … More →

The post NVIDIA research shows how agentic AI fails under attack appeared first on Help Net Security.

Name: WannaGame Championship 2025 (an WannaGame Championship event.)
Date: Dec. 6, 2025, 1 a.m. — 08 Dec. 2025, 01:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.cnsc.com.vn/
Rating weight: 29.00
Event organizers: Wanna.One