Aggregator

AI 最大的作用，不是和你沟通，而是帮你和自己沟通。

A vulnerability has been found in MB Connect Line mbNET.mini up to 2.3.2 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-41674. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in MB Connect Line mbNET.mini up to 2.3.2. Affected is the function send_sms. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-41673. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open redirect. The identification of this vulnerability is CVE-2025-7953. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

On-prem SharePoint customers have been told to assume compromise, with attackers observed to be exfiltrating data from victim servers across critical sectors

学习如何分析题目+解决题目

升级避风险

看雪论坛作者ID：flyyyy

AI Agent的引入，标志着企业知识管理从被动查询迈入主动服务、智能执行的新阶段！

Submit #619279 / VDB-317099

A vulnerability was found in cpCommerce up to 1.0.9a. It has been rated as critical. This issue affects some unknown processing of the file manufacturer.php. The manipulation of the argument id_manufacturer leads to sql injection. The identification of this vulnerability is CVE-2007-2959. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Миллиарды корпоративных файлов перекочевали в даркнет из-за CVE-2025-54309.

一年一度的“大考”火热进行中，攻防演练期间本公众号会每日更新当天鲜活情报和热点漏洞，欢迎大家对我们进行收藏和关注！

A vulnerability, which was classified as problematic, has been found in Gutentor Plugin up to 3.4.8 on WordPress. This issue affects some unknown processing of the component Widget. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2025-4685. The attack may be initiated remotely. There is no exploit available.

Get Q2 2025 Report Based on real data from 15,000+ global SOC teams. Top malware types, families, and APTs Changes in threat landscape since Q1 2025 What SOC teams need to focus on Opt in to receive news, updates, and promotions. Get free report Loading… A copy of the report has been sent to your […]

The post Malware Trends Report, Q2 2025: Know the Key Risks to Your Business appeared first on ANY.RUN's Cybersecurity Blog.

A vulnerability was found in actions toolkit up to 2.1.6. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-42471. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. This vulnerability was named CVE-2025-7952. The attack can be initiated remotely. Furthermore, there is an exploit available.

2025年07月14日-2025年07月20日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。国家

速速上车！

A vulnerability classified as problematic has been found in code-projects Public Chat Room 1.0. This affects an unknown part of the file /send_message.php. The manipulation of the argument chat_msg/your_name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-7951. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.