Aggregator

Submit #704951 / VDB-336190

Submit #704794 / VDB-336200

A vulnerability, which was classified as critical, was found in smb4k up to 4.0.4. Impacted is an unknown function of the component Mount Helper. The manipulation results in Local Privilege Escalation. This vulnerability was named CVE-2025-66003. The attack needs to be approached locally. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in smb4k up to 4.0.4. This issue affects some unknown processing of the component Mount Helper. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2025-66002. Local access is required to approach this attack. No exploit exists. It is advisable to upgrade the affected component.

剑桥大学领导的研究团队根据委内瑞拉发现的距今 1240 万年的化石重建了古代水蟒（anacondas），发现这种热带蛇类体长达 5.2 米。1240 万年到 530 万年前的中新世中晚期，由于更温暖的全球气温，广阔的湿地和丰富的食物，很多动物体型远大于其现代近亲。中新世巨型动物如 12 米长的凯门鳄（Purussaurus），3.2 米长的巨型淡水龟（Stupendemys）都已经灭绝，但水蟒作为一种巨型动物仍然存活了下来。研究团队测量了 183 块水蟒脊椎骨化石，它们来自至少 32 条蟒蛇。结果显示古代水蟒体长约为 4-5 米，与现代的水蟒差不多。研究人员认为这展现了蟒蛇超强的适应能力。

A vulnerability classified as very critical was found in Nebim ERP up to 3.0.0. This vulnerability affects unknown code. Executing manipulation can lead to execution with unnecessary privileges. This vulnerability is handled as CVE-2025-13506. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in OpenVPN up to 2.7_rc2 on Windows. This affects an unknown part of the component Interactive Service Agent. The manipulation results in allocation of resources. This vulnerability is reported as CVE-2025-13751. The attack requires a local approach. No exploit exists.

A vulnerability classified as problematic has been found in OpenVPN up to 2.7_rc1. Impacted is an unknown function of the component Source IP Address Handler. This manipulation causes improper verification of source of a communication channel. This vulnerability is tracked as CVE-2025-13086. The attack is possible to be carried out remotely. No exploit exists.

Несколько дней подряд нуждающиеся в помощи слышали лишь бесконечные гудки.

A vulnerability was found in Meta react-server-dom-webpack, react-server-dom-turbopack and react-server-dom-parcel up to 19.0.1/19.1.2/19.2.1. It has been declared as problematic. Impacted is an unknown function of the component React Server Component. Such manipulation leads to deserialization. This vulnerability is listed as CVE-2025-55183. The attack may be performed from remote. There is no available exploit.

A vulnerability classified as problematic has been found in Meta react-server-dom-webpack, react-server-dom-turbopack and react-server-dom-parcel up to 19.0.1/19.1.2/19.2.1. Affected by this issue is some unknown functionality of the component React Server Component. Performing manipulation results in deserialization. This vulnerability is known as CVE-2025-55184. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability labeled as problematic has been found in JetBrains TeamCity up to 2025.11.1. Impacted is an unknown function of the component URL Validation Handler. The manipulation results in improper authorization in handler for custom url scheme. This vulnerability is identified as CVE-2025-67739. The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.

极右翼政党支持率的不断攀升施压欧洲各国政府加强移民管控。瑞士即将就一项提案进行投票，该提案把移民管控推向了新的高度——设定人口上限。如果瑞士居民人数从目前的约 900 万增至 1000 万以上，那么根据该提案瑞士可能全面禁止新移民入境，不管难民、技术工人还是年薪六位数的高级经理都一视同仁。根据瑞士的全民公投政策，公民预计会在明年就该提案进行投票表决。而民调显示该提案很可能会获得批准。限制人口流动从来不会有利于经济发展，全面限制新移民被认为可能会导致瑞士关键技能人才缺乏，损害国家竞争力。投票结果将展示公民为了维护国家的吸引力而愿意做出怎样的选择。右翼的瑞士人民党（Swiss People's Party）在上次选举中赢得了 28% 的选票，其竞选纲领将瑞士公民身份刻画成一种特权而非权利。该党在 2023 年提出了限制人口数量的设想，将其包装成一种保护瑞士生活方式和防止环境受到过度人类活动破坏的方法。

Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA). The kit

A vulnerability identified as problematic has been detected in vcita Online Booking & Scheduling Calendar Plugin up to 4.5.3 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-54676. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in vcita Online Booking & Scheduling Calendar Plugin up to 4.5.3 on WordPress. It has been rated as critical. The impacted element is an unknown function. Performing manipulation results in unrestricted upload. This vulnerability is identified as CVE-2025-54677. The attack can be initiated remotely. There is not any exploit available.

Authorities disrupt hacktivists and data thieves, malicious VS Code extensions target developers, and CyberVolk returns with a flawed RaaS.