Aggregator

“本月考勤公示”“年度放假安排”“高温补贴发放声明”等办公类文件，是职场中常见的电子文档。但一些别有用心的人会将其伪装成含有窃密病毒的文件，易使有关单位人员放松警惕，一旦点击将对信息数据安全造成危害。

为构建系统化的网络安全防线，我国陆续印发了《信息安全等级保护管理办法》《关键信息基础设施安全保护条例》《网络产品安全漏洞管理规定》等政策文件，体现了我国对漏洞治理的高度重视。

Het aantal chirurgische teams van Defensie groeit. Bij een conflict kunnen de teams direct aan de slag om gewonde militairen de best mogelijke zorg te bieden. Dat regelt het Instituut samenwerking Defensie en Relatieziekenhuizen (IDR). Vandaag viert het 25 jaar partnerschap met civiele ziekenhuizen.

A vulnerability, which was classified as problematic, was found in yangshare warehouseManager 仓库管理系统 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument Name leads to cross site scripting. This vulnerability is documented as CVE-2025-14538. The attack can be executed remotely. Additionally, an exploit exists.

Submit #703743 / VDB-310251

Submit #703736 / VDB-335877

关键词漏洞漏洞概述Windows Defender 防火墙服务中存在一个严重的信息泄露漏洞（CVE-2025-

关键词漏洞GitLab在本周关键安全更新中为其社区版（CE）和企业版（EE）发布了一系列重要补丁，修复了一个高

Иран представил самый быстрый дрон-камикадзе в своем арсенале.

Critical security patches on December 10, 2025, addressing ten significant vulnerabilities across its Community Edition and Enterprise Edition platforms. GitLab has released updated versions 18.6.2, 18.5.4, and 18.4.6 to address multiple high-severity security issues. High-Severity Threats Identified Four vulnerabilities received high-severity ratings and require immediate remediation. The vulnerability landscape includes four high-severity flaws, five medium-severity […]

The post GitLab Patches Multiple Vulnerabilities that Allows Attackers to Trigger XSS and DoS Attack appeared first on Cyber Security News.

An advanced persistent threat (APT) known as WIRTE has been attributed to attacks targeting government and diplomatic entities across the Middle East with a previously undocumented malware suite dubbed AshTag since 2020. Palo Alto Networks Unit 42 is tracking the activity cluster under the name Ashen Lepus. Artifacts uploaded to the VirusTotal platform show that the threat actor has trained its

Patches released by Jenkins address a significant denial-of-service (DoS) vulnerability affecting millions of organizations. That rely on the popular automation server for continuous integration and deployment pipelines. A high-severity vulnerability in Jenkins versions 2.540 and earlier (LTS 2.528.2 and earlier). Enables unauthenticated attackers to trigger denial of service attacks through the HTTP-based command-line interface. Vulnerability […]

The post High-Severity Jenkins Vulnerability Allows Unauthenticated DoS via HTTP CLI appeared first on Cyber Security News.

A vulnerability, which was classified as critical, has been found in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument course_year_section/semester causes sql injection. This vulnerability is registered as CVE-2025-14537. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability classified as critical was found in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. This vulnerability is cataloged as CVE-2025-14536. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in UTT 进取 512W up to 3.1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigFastDirectionW. The manipulation of the argument ssid leads to buffer overflow. This vulnerability is listed as CVE-2025-14535. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. This vulnerability is tracked as CVE-2025-14534. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #703717 / VDB-335876