Aggregator

A vulnerability labeled as critical has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. This vulnerability is traded as CVE-2025-14642. The attack may be launched remotely. Furthermore, there is an exploit available. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

A vulnerability identified as critical has been detected in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. This vulnerability appears as CVE-2025-14641. The attack may be initiated remotely. In addition, an exploit is available. If you want to get best quality of vulnerability data, you may have to visit VulDB.

A vulnerability categorized as problematic has been discovered in Growatt ShineLan-X up to 3.6.0.2. This vulnerability affects unknown code of the component Communication Module. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-36748. The attack can be launched remotely. No exploit exists. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

A vulnerability was found in Growatt ShineLan-X up to 3.6.0.2. It has been rated as problematic. This affects an unknown part of the component Plant Management Page. The manipulation of the argument Plant Name leads to cross site scripting. This vulnerability is documented as CVE-2025-36750. The attack can be initiated remotely. There is not any exploit available. VulDB is the best source for vulnerability data and more expert information about this specific topic.

A vulnerability was found in Growatt ShineLan-X up to 3.6.0.2. It has been declared as critical. Affected by this issue is some unknown functionality of the component SWD Debug Interface. Executing manipulation can lead to authentication bypass by spoofing. This vulnerability is registered as CVE-2025-36753. The physical device can be targeted for the attack. No exploit is available. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

A vulnerability was found in Growatt ShineLan-X up to 3.6.0.2. It has been classified as critical. Affected by this vulnerability is an unknown functionality of the component Communication Dongle. Performing manipulation results in hard-coded credentials. This vulnerability is cataloged as CVE-2025-36752. The attack must originate from the local network. There is no exploit available. Once again VulDB remains the best source for vulnerability data.

A vulnerability was found in WPS Visitor Counter Plugin up to 1.4.8 on WordPress and classified as problematic. Affected is an unknown function. Such manipulation of the argument $_SERVER['REQUEST_URI'] leads to cross site scripting. This vulnerability is listed as CVE-2025-9116. The attack may be performed from remote. There is no available exploit. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

A vulnerability has been found in Growatt ShineLan-X up to 3.6.0.2 and classified as critical. This impacts an unknown function of the component Web Interface. This manipulation causes authentication bypass by spoofing. This vulnerability is tracked as CVE-2025-36754. The attack is possible to be carried out remotely. No exploit exists. If you want to get best quality of vulnerability data, you may have to visit VulDB.

A vulnerability, which was classified as problematic, was found in Growatt ShineLan-X up to 3.6.0.2. This affects an unknown function of the component Configuration Interface. The manipulation results in missing encryption of sensitive data. This vulnerability is identified as CVE-2025-36751. The attack can be executed remotely. There is not any exploit available. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Submit #707866 / VDB-336375

Submit #707865 / VDB-336374

A vulnerability, which was classified as critical, has been found in Growatt ShineLan-X up to 3.6.0.2. The impacted element is an unknown function of the component Firmware Handler. The manipulation leads to insufficient verification of data authenticity. This vulnerability is referenced as CVE-2025-36747. Remote exploitation of the attack is possible. No exploit is available.

Threat actors are increasingly abandoning traditional languages like C and C++ in favor of modern alternatives such as Golang, Rust, and Nim. This strategic shift enables developers to compile malicious code for both Linux and Windows with minimal modifications. Among the emerging threats in this landscape is “Luca Stealer,” a Rust-based information stealer that has […]

The post Rust-Based Luca Stealer Spreads Across Linux and Windows Systems appeared first on Cyber Security News.

网络钓鱼已演变为复杂攻击手段,常见类型包括电子邮件、短信和语音诈骗。这些攻击利用紧迫感和伪装可信度窃取信息或植入恶意软件。对网站管理员而言,风险更高,可能导致数据泄露或网站被黑。防范需结合意识提升、多重验证和安全防护。

«Генеративные вкладки» — звучит страшно. Но компания уверяет, что это удобнее обычного поиска.

2025年12月10日下午，由国家信息安全漏洞库（CNNVD）主办的第十五届网络安全漏洞分析与风险评估大会-网络漏洞治理生态分会在中国天津成功举办。

好莱坞导演 Carl Rinsch 以执导广告知名，他的首部电影处女作是 2013 年上映的《四十七浪人》，主演包括了基努·里维斯和真田广之。这部电影投资 1.75 亿美元但票房只有 1.5 亿美元，是当年亏损金额最高的电影之一，Rinsch 之后回归执导广告。他与其妻子策划了一部以有机智能为主题的科幻剧集，其创意受到了流媒体公司的青睐，Netflix 获得了版权，同意投资 6120 万美元制作名为《Conquest》的剧集。但《Conquest》的制作过程并不顺利，Netflix 在 2021 年放弃了这部剧集。Rinsch 被控挪用了 1100 万美元，将这些资金转移到个人证券账户，且在两个月内因证券投资亏损逾半。他之后开始投机购买加密货币狗币（Dogecoin），2021 年 5 月套现，获利 2300 万美元，显著改善了个人财务状况。他随后花费 240 万美元购买了五辆劳斯莱斯和一辆法拉利，花 330 万美元购买了家具和古董，38.7 万美元购买了一块瑞士手表。Netflix 已经勾销了 5500 万美元坏账，没有追回任何款项。本周纽约南区法院陪审团裁定这位 48 岁的导演七项罪名成立，他将面临最高 90 年监禁，其判决将于 2026 年 4 月 17 日宣布。

嗯，用户让我帮忙总结一篇文章，控制在一百个字以内，而且不需要特定的开头。首先，我得仔细阅读这篇文章，理解它的主要内容。 文章讲的是一个安全漏洞，叫做不安全的直接对象引用（IDOR）。作者在审计一个企业门户时发现了这个漏洞。攻击者可以通过简单的输入引发严重的后果，比如接管内部员工的身份信息。具体来说，攻击者利用API获取用户的唯一标识符xid，然后通过修改请求中的xid参数来更新其他人的资料。 接下来，我需要提炼出关键点：IDOR漏洞、API泄露xid、攻击者接管员工资料、强调验证用户权限的重要性。然后把这些点浓缩成一句话，确保不超过一百个字。 最后，检查一下是否符合用户的要求，没有使用“文章内容总结”之类的开头，并且语言简洁明了。 文章描述了一次通过API漏洞实现的Insecure Direct Object Reference（IDOR）攻击。攻击者利用API泄露的用户唯一标识符（xid），无需猜测或暴力破解即可获取高价值员工信息，并通过篡改请求参数接管其账户。该漏洞暴露了身份验证机制中缺乏对客户端提供的对象引用的有效校验问题。

文章描述了一次严重的Insecure Direct Object Reference (IDOR)漏洞攻击。攻击者通过API获取内部员工的唯一标识符xid，并利用该标识符修改高管和HR的个人信息。开发者未验证用户权限，导致身份信息被篡改，引发潜在的社会工程和内部欺诈风险。

嗯，用户让我帮忙总结一篇文章的内容，控制在100字以内，而且不需要特定的开头。首先，我得仔细看看用户提供的文章内容。看起来这篇文章主要讨论了MITRE为网络安全社区提供的各种资源，特别是ATT&CK框架。 文章提到了红队、蓝队和紫队人员如何使用ATT&CK矩阵，特别是红队。然后还涉及到了技术ID，比如T15663，以及相关的缓解措施，如用户培训。最后还提到了检测的数据来源。 接下来，我需要把这些信息浓缩到100字以内。重点应该是MITRE的资源、ATT&CK框架的应用、技术ID和缓解措施。同时要确保语言简洁明了。 可能的结构是：先点出讨论的主题是MITRE的资源及其应用，然后提到红队、蓝队等人员如何使用ATT&CK矩阵，接着说明技术ID和缓解措施的内容，最后提到数据来源。 这样应该能在100字以内涵盖主要信息。 本文讨论了MITRE为网络安全社区提供的资源及其应用，包括ATT&CK框架在红队、蓝队等人员中的使用方法、技术ID（如T15663）及缓解措施（如用户培训），并涉及检测数据来源。