A vulnerability rated critical has been found in Chanjet TPlus up to 20251121. It affects an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. Manipulation of the argument currentAccId causes SQL injection.
This vulnerability is identified as CVE-2025-14190. The attack can be initiated remotely. Furthermore, an exploit is available.
It is advisable to implement restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability categorized as critical has been discovered in Chanjet CRM up to 20251121. Affected is an unknown function of the file /tools/jxf_dump_table_demo.php. Manipulation of the argument gblOrgID results in SQL injection.
This vulnerability was named CVE-2025-14189. The attack may be performed remotely. In addition, an exploit is available.
Applying restrictive firewalling is recommended.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in UGREEN DH2100+ up to 5.3.0.251125. It has been rated as critical. This impacts the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. The manipulation of the argument path leads to command injection.
This vulnerability is uniquely identified as CVE-2025-14188. The attack can be carried out remotely. Moreover, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in UGREEN DH2100+ up to 5.3.0.251125. It has been declared as critical. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Manipulation of the argument path can lead to a buffer overflow.
This vulnerability is tracked as CVE-2025-14187. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
Currently trending CVE - Hype Score: 3 - Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target ...
A vulnerability was found in Grandstream GXP1625 1.0.7.4. It has been classified as problematic. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Manipulation of the argument vpn_ip results in basic cross-site scripting.
This vulnerability is known as CVE-2025-14186. Remote exploitation is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
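According to a study by the Nuffield Trust think tank, three in ten UK general practitioners use AI tools such as ChatGPT during consultations. Because AI tools inevitably hallucinate, using them may lead doctors to make mistakes and face lawsuits. The study surveyed 2,108 family doctors, of whom 598 (28%) said they were already using AI tools. Male doctors (33%) use AI at a higher rate than female doctors (25%), and doctors in affluent areas use AI far more than those in deprived areas. The report notes that, whether or not they use AI, the vast majority of GPs worry that their practices could face "professional liability and medico-legal issues", "risk of clinical errors", and "patient privacy and data security" problems. The survey also found that doctors who use AI tools spend the time saved on rest rather than on seeing more patients.
A vulnerability was found in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp and classified as critical. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Manipulation of the argument usercode leads to SQL injection.
This vulnerability is tracked as CVE-2025-14185. The attack may be launched remotely. Furthermore, an exploit is available.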
The vendor was contacted early about this disclosure but did not respond in any way.
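Today, we touched ordinary people's "freedom" in AI
Day one of the GeekPark Innovation Festival 2026 has wrapped up successfully!
From exploring imagination with AI, to physical AI reshaping everyday life, to 3D creation within everyone's reach, some questioned the future while others unboxed new applications. At this AI feast with an off-the-charts concentration of "non-consensus", we witnessed how to take the initiative: "the process is up to me"!
Tomorrow, the "most substantial" people from different fields, hand-picked by the GeekPark editorial team, will keep bringing the house down, boldly sharing their own "non-consensus".
For more highlights, follow GeekPark. See you there!
#GeekParkInnovationFestival #GeekParkInnovationFestival2026 #IF2026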