Aggregator

夏威夷航空遭网络攻击致部分系统受阻，飞行安全未受影响。已联系当局和专家调查，并聘请外部专家评估影响。官网称航班未受影响。该航空公司由阿拉斯加航空集团所有，双方网站均发布警告。FAA称安全无虞。攻击性质尚不明确。

文章探讨了Salesforce数据卫生的重要性及其对业务的影响。通过设置重复规则和验证规则，使用AI工具进行自动化清理，并定期监控和标准化数据格式，企业可以提升数据质量。这不仅节省时间，还能提高分析准确性。

Hawaiian Airlines, the tenth-largest commercial airline in the United States, is investigating a cyberattack that has disrupted access to some of its systems. [...]

A vulnerability classified as critical was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. This vulnerability affects unknown code of the file /setupA.cfg of the component Web-based Management Interface. The manipulation leads to missing authentication. This vulnerability was named CVE-2025-6763. Access to the local network is required for this attack. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way.

Every time there’s a natural or manmade disaster that takes medical equipment offline, cuts connectivity to emergency services and loved ones, or shuts down access to ATMs, network engineers are at the center of the heroic efforts required to restore availability and uptime. (Though, in truth, network engineers deal with chaos every day.) The network is what keeps businesses up and running, so it must be resilient. However, several factors contribute to the complexity of … More →

The post Managing through chaos to secure networks appeared first on Help Net Security.

Submit #599848 / VDB-314074

A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the argument Host leads to server-side request forgery. This vulnerability is uniquely identified as CVE-2025-6762. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has been rated as critical. Affected by this issue is the function plugin.buildMobilePopHtml of the file \k3\o2o\bos\webapp\action\DynamicForm 4 Action.class of the component Freemarker Engine. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is handled as CVE-2025-6761. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component. The vendor explains, that in the fixed release "Freemarker is set to 'ALLOWS_NOTHING_RESOLVER' to not parse any classes."

Submit #598896 / VDB-314073

Компенсации получат почти миллион пользователей, пострадавших от навязанных покупок.

Submit #601207 / VDB-314072

A vulnerability was found in cri-o. It has been declared as problematic. Affected by this vulnerability is the function os.ReadFile of the file /etc/passwd. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-4437. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in Ninja Forms Plugin up to 3.10.2.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-5398. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Flock Safety Gunshot Detection up to 1.2 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information. The identification of this vulnerability is CVE-2025-47820. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Flock Safety Gunshot Detection up to 1.2 and classified as critical. This vulnerability affects unknown code. The manipulation leads to on-chip debug and test interface with improper access control. This vulnerability was named CVE-2025-47819. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Flock Safety Gunshot Detection up to 1.2. This affects an unknown part. The manipulation leads to use of hard-coded password. This vulnerability is uniquely identified as CVE-2025-47818. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Flock Safety License Plate Reader up to 2.2. Affected by this issue is some unknown functionality. The manipulation leads to cleartext storage of sensitive information. This vulnerability is handled as CVE-2025-47824. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability classified as problematic was found in Flock Safety License Plate Reader up to 2.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of hard-coded password. This vulnerability is known as CVE-2025-47823. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability classified as critical has been found in Flock Safety License Plate Reader up to 2.2. Affected is an unknown function. The manipulation leads to on-chip debug and test interface with improper access control. This vulnerability is traded as CVE-2025-47822. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability was found in Flock Safety Gunshot Detection up to 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to use of hard-coded password. The identification of this vulnerability is CVE-2025-47821. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.