Aggregator

Submit #701624 / VDB-334663

Submit #701302 / VDB-334662

2024 年初德国北部州 Schleswig-Holstein（石勒苏益格-荷尔斯泰因）决定将政府机构使用的 3 万台 PC 从 Microsoft Windows 和 Microsoft Office 迁移到 Linux 和 LibreOffice。此举旨在加强数字主权。数字主权是指相对于封闭的私有软件，公共管理部门对开源软件构成的 IT 解决方案有更多的控制权。一年半之后 Schleswig-Holstein 州数字部长 Dirk Schrödter 表示明年该州在 Windows、Microsoft Office 等软件的许可费用上节省逾 1500 万欧元，未来几年预计将保持类似节省幅度。除税务部门外，州政府部门近八成办公场所已经切换到 LibreOffice。税务部门也制定了切换的时间表。依赖于 MS Word 或 Excel 的专业应用也将会完成切换。Schleswig-Holstein 州将在 2026 年投入一次性的 900 万欧元用于办公场所的软件升级以及基于自由软件的进一步开发。

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0 and classified as critical. The impacted element is an unknown function of the file /admin/admin_running.php. Executing manipulation of the argument product_image can lead to unrestricted upload. This vulnerability is registered as CVE-2025-14219. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #701229 / VDB-333349

A vulnerability has been found in code-projects Currency Exchange System 1.0 and classified as critical. The affected element is an unknown function of the file /editotheraccount.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is cataloged as CVE-2025-14218. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2025-14217. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. This vulnerability is tracked as CVE-2025-14216. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-14215. The attack can be executed remotely. Additionally, an exploit exists.

朝鲜智能手机基于安卓深度定制，仅接入本土内网与受限 4G，无国际互联网权限。支持指纹 / 人脸识别、高像素拍照，预装本土工具与内置游戏。系统设安全签名、使用留痕机制，限制外部文件传输与软件安装，还含本土语言纠错功能，管控与实用功能兼具，详细型号如下： ARIRANG（阿里郎）系列图二 CHONGSONG（青松）系列 图三 HWAWON（花源）系列 图四 JINDALLAE（金达莱）系列 图五 图六 KILTONGMU（길동무）系列 图七 PHURUNHANAL（蓝天）系列 图八 PYONGYANG（平壤）系列 图九 SAMTHAESONG（三态星）系列 图十 图十一 这些手机（如Han 701和Sam Taesung 8）有下列机制，例如： 输入与韩国相关的词汇（如“Namhan”）会被自动替换为暗示“傀儡国家”的短语，“大韩民国”则被星号屏蔽。输入太阳姓名会自动加粗，脏话如“oppa”会被纠正为“同志”并发出警告。 手机完全阻断国际互联网连接，Han 701的Wi-Fi图标无效，Sam Taesung 8甚至无切换选项。仅限于“Mirae”国家内网连接 图十三，需要政府ID和认证SIM卡，提供速度缓慢的过滤内容。 预装应用主导一切，新应用安装需实体店授权 图十二，许多应用数月后过期需付费续订。图标模仿微软和谷歌等品牌，有些为盗版。 “Red Flag”功能会检查并删除非政府批准的外国文件或应用。手机会全天拍摄和截图，用户无法访问、删除或管理这些截图和照片，手动检查截图还会实时捕获新截图。

Submit #701209 / VDB-334661

Submit #701155 / VDB-334660

Submit #701154 / VDB-334659

Submit #701152 / VDB-334658

Submit #701151 / VDB-334657

A vulnerability classified as critical has been found in itsourcecode Student Information System 1.0. This affects an unknown part of the file /section_edit1.php. The manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-14214. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Submit #701147 / VDB-244734

Submit #701025 / VDB-333063

Submit #701024 / VDB-333062

Submit #700987 / VDB-334656