Aggregator

A vulnerability was found in Iskra iHUB and iHUB Lite. It has been rated as critical. This vulnerability affects unknown code. This manipulation causes missing authentication. This vulnerability is tracked as CVE-2025-13510. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in Industrial Video & Control Longwatch up to 6.334. This issue affects some unknown processing of the component HTTP GET Request Handler. Such manipulation leads to code injection. This vulnerability is listed as CVE-2025-13658. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年11月24日至2025年11月30日）安全漏洞情况如下

好，我现在要帮用户总结一篇文章的内容，控制在100字以内。首先，我需要仔细阅读用户提供的文章内容。文章标题是“环境异常”，里面提到“当前环境异常，完成验证后即可继续访问。”还有一个按钮“去验证”。 看起来这篇文章主要是在通知用户当前遇到了环境异常的问题，可能是在登录或访问某个服务时出现的错误。用户需要完成验证步骤才能继续使用服务。因此，总结时要突出环境异常和验证的必要性。 接下来，我要确保总结控制在100字以内，并且不使用“文章内容总结”或“这篇文章”这样的开头。直接描述文章内容即可。 可能的总结是：“当前环境出现异常，需完成验证后才能继续访问。”这样既简洁又准确地传达了文章的核心信息。 最后，检查一下是否符合用户的所有要求：中文、100字以内、直接描述内容、不使用特定开头。确认无误后，就可以给出这个总结了。 当前环境出现异常，需完成验证后才能继续访问。

Datadog has launched Bits AI SRE, an AI agent aware of telemetry, architecture, and organizational context that investigates alerts and surfaces action able root cause in minutes, giving engineers the information they need to confidently resolve incidents faster, save engineering hours, and reduce end-user and business impact. Bits AI SRE is part of Datadog’s Bits AI, a suite of AI capabilities that works autonomously across critical monitoring, development, and security workflows to help teams resolve … More →

The post Datadog introduces Bits AI SRE to automate alert investigation and root cause analysis appeared first on Help Net Security.

A vulnerability classified as critical was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. This impacts an unknown function of the component Legacy GRUB Bootloader Configuration Handler. The manipulation results in improper privilege management. This vulnerability was named CVE-2025-59697. An attack on the physical device is feasible. There is no available exploit.

A vulnerability, which was classified as problematic, was found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7. Affected by this vulnerability is an unknown functionality. Such manipulation leads to information exposure through discrepancy. This vulnerability is referenced as CVE-2025-59702. The attack can be executed directly on the physical device. No exploit is available.

A vulnerability has been found in Entrust nShield Connect XC, nShield 5c and nShield HSMi up to 13.6.11/13.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Chassis Management Board. Performing manipulation results in improper physical access control. This vulnerability is identified as CVE-2025-59696. The attack may be carried out on the physical device. There is not any exploit available.

A vulnerability was found in Apptainer up to 1.4.4. It has been classified as critical. The affected element is an unknown function. This manipulation causes symlink following. This vulnerability is tracked as CVE-2025-65105. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in Grav CMS 1.7.49. This issue affects some unknown processing of the component Page Editor. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-65186. The attack is possible to be carried out remotely. No exploit exists.

Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability, which was classified as problematic, has been found in Kiteworks MFT up to 9.0.x. This affects an unknown part. This manipulation causes session expiration. This vulnerability is registered as CVE-2025-53896. The attack needs to be launched locally. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Sqlalchemy mako up to 1.2.1. The impacted element is the function Lexer. Such manipulation leads to incorrect regular expression. This vulnerability is listed as CVE-2022-40023. The attack must be carried out from within the local network. There is no available exploit. You should upgrade the affected component.

嗯，用户让我用中文帮他总结一下这篇文章的内容，控制在一百个字以内，而且不需要以“文章内容总结”或者“这篇文章”这样的开头，直接写描述即可。好的，我先仔细看一下文章内容。 文章主要讲的是CVE-2025-13615这个漏洞，它存在于WordPress的StreamTube Core插件中。这个漏洞允许未经身份验证的攻击者任意修改任何用户账户的密码，包括管理员。CVSS评分是9.8分，属于严重级别。受影响的版本是4.78及以下，全球大约有5000到10000个网站受到影响。 接下来，文章详细分析了漏洞的技术原理，包括攻击链和利用方法。还提到了修复措施和防护建议，比如禁用功能、部署热修复、使用WAF等。最后还讨论了行业启示和安全建议。 用户的需求是总结这篇文章的内容，控制在100字以内。所以我要抓住关键点：漏洞名称、影响范围、CVSS评分、攻击者的能力、受影响版本以及修复建议。 可能需要避免使用过于专业的术语，让总结更简洁明了。同时，确保涵盖所有重要信息：漏洞严重性、影响范围、修复措施等。 现在试着组织语言：CVE-2025-13615是WordPress StreamTube Core插件的严重漏洞，允许未认证攻击者修改任何用户密码，CVSS 9.8分。影响4.78及以下版本，约5,000-10,000网站受影响。文章分析了技术细节和修复方案。 检查字数是否在限制内，并且是否涵盖了所有关键点。 CVE-2025-13615是WordPress StreamTube Core插件的严重漏洞，允许未认证攻击者修改任何用户密码（CVSS 9.8分），影响4.78及以下版本。全球约5,000-10,000网站受影响。文章分析了技术细节和修复方案。

Panaseer has released the Panaseer IQ Suite, a new family of GenAI powered tools designed for organizations facing growing attack surfaces and attackers using AI to expand their reach and precision. By turning cybersecurity controls data into actionable remediation across the enterprise, the IQ Suite enables security teams to take a more proactive, risk driven approach. The IQ Suite builds on the Panaseer Continuous Controls Monitoring (CCM) platform’s existing capability to measure hundreds of metrics … More →

The post Panaseer IQ Suite uses generative AI to explain risk changes and guide remediation appeared first on Help Net Security.

A vulnerability was found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792 and MT8793. It has been rated as critical. This impacts an unknown function of the component Display. This manipulation causes use of uninitialized variable. This vulnerability is handled as CVE-2025-20771. It is possible to launch the attack on the local host. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792 and MT8793. This issue affects some unknown processing of the component Display. Such manipulation leads to use of uninitialized variable. This vulnerability is documented as CVE-2025-20766. The attack needs to be performed locally. There is not any exploit available. A patch should be applied to remediate this issue.

A vulnerability has been found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792 and MT8793 and classified as critical. Impacted is an unknown function of the component Display. Performing manipulation results in out-of-bounds write. This vulnerability is reported as CVE-2025-20767. The attack requires a local approach. No exploit exists. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in MediaTek MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989 and MT6991 and classified as critical. The affected element is an unknown function of the component Display. Executing manipulation can lead to out-of-bounds read. This vulnerability appears as CVE-2025-20768. The attack requires local access. There is no available exploit. It is advisable to implement a patch to correct this issue.

A vulnerability was found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792 and MT8793. It has been declared as critical. This affects an unknown function of the component Display. The manipulation results in use after free. This vulnerability is known as CVE-2025-20770. Attacking locally is a requirement. No exploit is available. It is best practice to apply a patch to resolve this issue.