Aggregator

Submit #701673 / VDB-334666

A vulnerability was found in SourceCodester Online Banking System 1.0. It has been declared as problematic. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. This vulnerability is reported as CVE-2025-14221. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in ORICO CD3510 1.9.12. It has been classified as critical. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. This vulnerability is documented as CVE-2025-14220. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #701639 / VDB-334665

Submit #701636 / VDB-334664

Submit #701624 / VDB-334663

Submit #701302 / VDB-334662

2024 年初德国北部州 Schleswig-Holstein（石勒苏益格-荷尔斯泰因）决定将政府机构使用的 3 万台 PC 从 Microsoft Windows 和 Microsoft Office 迁移到 Linux 和 LibreOffice。此举旨在加强数字主权。数字主权是指相对于封闭的私有软件，公共管理部门对开源软件构成的 IT 解决方案有更多的控制权。一年半之后 Schleswig-Holstein 州数字部长 Dirk Schrödter 表示明年该州在 Windows、Microsoft Office 等软件的许可费用上节省逾 1500 万欧元，未来几年预计将保持类似节省幅度。除税务部门外，州政府部门近八成办公场所已经切换到 LibreOffice。税务部门也制定了切换的时间表。依赖于 MS Word 或 Excel 的专业应用也将会完成切换。Schleswig-Holstein 州将在 2026 年投入一次性的 900 万欧元用于办公场所的软件升级以及基于自由软件的进一步开发。

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0 and classified as critical. The impacted element is an unknown function of the file /admin/admin_running.php. Executing manipulation of the argument product_image can lead to unrestricted upload. This vulnerability is registered as CVE-2025-14219. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #701229 / VDB-333349

A vulnerability has been found in code-projects Currency Exchange System 1.0 and classified as critical. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2025-14218. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2025-14217. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. This vulnerability is tracked as CVE-2025-14216. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-14215. The attack can be executed remotely. Additionally, an exploit exists.

朝鲜智能手机基于安卓深度定制，仅接入本土内网与受限 4G，无国际互联网权限。支持指纹 / 人脸识别、高像素拍照，预装本土工具与内置游戏。系统设安全签名、使用留痕机制，限制外部文件传输与软件安装，还含本土语言纠错功能，管控与实用功能兼具，详细型号如下： ARIRANG（阿里郎）系列图二 CHONGSONG（青松）系列 图三 HWAWON（花源）系列 图四 JINDALLAE（金达莱）系列 图五 图六 KILTONGMU（길동무）系列 图七 PHURUNHANAL（蓝天）系列 图八 PYONGYANG（平壤）系列 图九 SAMTHAESONG（三态星）系列 图十 图十一 这些手机（如Han 701和Sam Taesung 8）有下列机制，例如： 输入与韩国相关的词汇（如“Namhan”）会被自动替换为暗示“傀儡国家”的短语，“大韩民国”则被星号屏蔽。输入太阳姓名会自动加粗，脏话如“oppa”会被纠正为“同志”并发出警告。 手机完全阻断国际互联网连接，Han 701的Wi-Fi图标无效，Sam Taesung 8甚至无切换选项。仅限于“Mirae”国家内网连接 图十三，需要政府ID和认证SIM卡，提供速度缓慢的过滤内容。 预装应用主导一切，新应用安装需实体店授权 图十二，许多应用数月后过期需付费续订。图标模仿微软和谷歌等品牌，有些为盗版。 “Red Flag”功能会检查并删除非政府批准的外国文件或应用。手机会全天拍摄和截图，用户无法访问、删除或管理这些截图和照片，手动检查截图还会实时捕获新截图。

Submit #701209 / VDB-334661

Submit #701155 / VDB-334660

Submit #701154 / VDB-334659

Submit #701152 / VDB-334658

Submit #701151 / VDB-334657