Aggregator

A vulnerability has been found in ESAFENET CDG 5.6.3.154.205_20250114 and classified as critical. This vulnerability affects unknown code of the file /parameter/getLimitIPList.jsp. The manipulation of the argument noticeId leads to sql injection. This vulnerability was named CVE-2025-3401. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in ESAFENET CDG 5.6.3.154.205_20250114. This affects an unknown part of the file /client/UnChkMailApplication.jsp. The manipulation of the argument typename leads to sql injection. This vulnerability is uniquely identified as CVE-2025-3400. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5.6.3.154.205_20250114. Affected by this issue is some unknown functionality of the file /pubinfo/updateNotice.jsp. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-3399. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #545864 / VDB-272231

近期捕获的远控木马使用的通信证书与此前在Github上挖掘发现的远控木马的通信证书相同

Vodafone Business has urged the UK government to implement policy changes, including improvements to the Cyber Essentials scheme and tax incentives for cybersecurity

Defensie heeft vandaag de app Defensie Dichtbij gelanceerd. Hiermee vergroot Defensie de mogelijkheid om in geval van crisis de samenleving van informatie te blijven voorzien. Defensie Dichtbij is gebouwd voor mobiel gebruik en biedt op termijn ook locatiespecifieke informatie. Ga naar www.defensiedichtbij.nl en installeer de app via de pop-up!

Submit #542343 / VDB-303647

近日，社交APP因后台持续高频获取用户位置信息，引发用户对隐私安全的担忧。事实上，公众对部分APP过度索取权限、频繁访问个人信息等行为的质疑声一直存在。面对“一划不到底”的隐私协议，用户往往匆匆点击同意，更为APP频频“越界”提供了空间。

近期一些引发舆论热议的“开盒”事件，让网络暴力和个人信息安全问题再次成为人们关注的焦点。

北京可信华泰信息技术有限公司近日宣布启动战略升级，将于近期推出基于AI大模型的全新产品与解决方案。此次转型标志着这家深耕网络安全领域十余年的技术企业正式进军可信AI赛道。

近年来，以DeepSeek等为代表的预训练大模型持续取得突破，人工智能正在快速嵌入社会运行体制机制。当前，中国正在书写人工智能的社会治理新篇章——既要在技术快速迭代中坚守以人民为中心的理念，又要在体制机制创新中开辟人机互动共生新场景。

近日，北京市网信办、市商务局、市政务服务和数据管理局联合印发《北京市数据跨境流动便利化综合配套改革实施方案》，以制度型开放推动数据要素高水平、便利化跨境流动，通过部署24项具体任务和3项保障措施，服务首都经济发展，打造首都对外开放新高地。

网信部门持续打击文娱领域“饭圈”乱象，近期，督促网站平台依法依约关闭和长期禁言处置“超能摄影阳阳”等一批低俗炒作绯闻丑闻八卦的违法违规账号。

近日，《网络安全法（修正草案再次征求意见稿）》向社会公开征求意见。《网络安全法》此次修改坚持问题导向，顺应当前国内外网络安全发展新形势新要求，拟构建更加科学合理的网络安全法律责任框架，有助于提升法律体系的系统性和协调性。

Submit #525612 / VDB-303646

Submit #525611 / VDB-303645

Submit #525610 / VDB-303644

A vulnerability classified as critical was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function configure of the file blogserver/src/main/java/org/sang/config/WebSecurityConfig.java. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-3398. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.