Aggregator

数世咨询专业报告深度解读，360漏洞情报解决方案助力企业构筑精准主动防御能力，实现漏洞风险先知先防。

Overview On December 10, NSFOCUS CERT detected that Microsoft released the December Security Update patch, which fixed 57 security issues involving widely used products such as Windows, Microsoft Office, Microsoft Exchange Server, Azure, etc., including high-risk vulnerability types such as privilege escalation and remote code execution. Among the vulnerabilities fixed by Microsoft’s monthly update this […]

The post Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Microsoft’s December Security Update of High-Risk Vulnerability Notice for Multiple Products appeared first on Security Boulevard.

A vulnerability was found in Adobe ColdFusion up to 2021.22/2023.16/2025.4. It has been classified as problematic. Affected is an unknown function. The manipulation leads to insufficiently protected credentials. This vulnerability is listed as CVE-2025-64898. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Adobe ColdFusion up to 2021.22/2023.16/2025.4. It has been declared as problematic. The affected element is an unknown function. Executing manipulation can lead to xml external entity reference. This vulnerability is tracked as CVE-2025-61813. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe ColdFusion up to 2021.22/2023.16/2025.4. The impacted element is an unknown function. Such manipulation leads to improper access controls. This vulnerability is referenced as CVE-2025-61811. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

A vulnerability classified as critical was found in containernetworking plugins up to 1.8.x. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to improper access controls. This vulnerability is handled as CVE-2025-67499. It is possible to launch the attack on the local host. There is not any exploit available. Upgrading the affected component is advised.

Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other disclosures, Google has opted to keep information about the CVE identifier, the affected component, and

作者：LamentXU 原文链接：https://www.cnblogs.com/LAMENTXU/articles/19101758 Typhon项目已加入知道创宇404实验室星链计划，项目地址：https://github.com/LamentXU123/Typhon 随着CTF题目的发展，越来越多的自动化解题工具诞生，使CTFer能够避开繁琐而固定的解题流程，并将精力花在真正能学到东西...

A vulnerability classified as critical was found in Webmin up to 2.599. This affects an unknown function of the file squid/cachemgr.cgi of the component Squid Module. Executing manipulation can lead to os command injection. This vulnerability is registered as CVE-2025-67738. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload. This vulnerability is cataloged as CVE-2025-14522. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. This vulnerability is listed as CVE-2025-14521. The attack may be performed from remote. In addition, an exploit is available. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as critical has been reported in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. This vulnerability is tracked as CVE-2025-14520. The attack is possible to be carried out remotely. Moreover, an exploit is present. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as problematic has been found in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-14519. The attack can be executed remotely. Additionally, an exploit exists. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

Опубликован код системы, которая чистит звук лучше любых слуховых аппаратов.

印度工业和内部贸易促进部发表了一项提议框架，允许 AI 公司使用所有受版权保护的作品训练模型，但需向一个由版权所有者组织组成的新收款机构支付版税，版税随后将分配给创作者。该提案认为这种“强制性一揽子许可”将降低 AI 公司的合规成本，同时确保作家、音乐家、艺术家等版权所有者在其作品被用于训练商业模型时获得补偿。

Submit #702950 / VDB-335860

Submit #702949 / VDB-335859

Submit #702948 / VDB-335858

Submit #702943 / VDB-335857

Open source security software has become a key way for teams to get flexibility, transparency, and capability without licensing costs. The free tools in this roundup address problems security teams deal with, from managing large environments to catching misconfigurations and understanding how new technologies change threat exposure. Aegis Authenticator: Free, open-source 2FA app for Android Aegis Authenticator is an open-source 2FA app for Android that helps you manage login codes for your online accounts. Arkime: … More →

The post 40 open-source tools redefining how security teams secure the stack appeared first on Help Net Security.