Aggregator

Submit #662444 / VDB-326188

Submit #662443 / VDB-326187

Submit #662442 / VDB-326186

A vulnerability marked as critical has been reported in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. This vulnerability is listed as CVE-2025-11103. The attack may be initiated remotely. In addition, an exploit is available.

Submit #662441 / VDB-326185

Submit #662416 / VDB-316238

Submit #662406 / VDB-286190

Submit #662395 / VDB-326184

A vulnerability, which was classified as critical, was found in Wavlink M86X3A 240730. This issue affects some unknown processing of the file /cgi-bin/ExportAllSettings.cgi of the component Setting Handler. Such manipulation of the argument Cookie leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-55847. The attack can be launched remotely. No exploit exists.

A vulnerability categorized as problematic has been discovered in Aranda PassRecovery 1.0. Affected is an unknown function of the file /user/existdirectory/1 of the component HTTP POST Request Handler. Such manipulation leads to information disclosure. This vulnerability is listed as CVE-2025-45994. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in Jinher OA 2.0. It has been classified as problematic. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. This vulnerability is handled as CVE-2025-11035. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Docker Desktop 4.46.0 and classified as critical. Affected by this issue is some unknown functionality of the component Enhanced Container Isolation. Such manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2025-10657. Local access is required to approach this attack. No exploit exists.

A vulnerability categorized as problematic has been discovered in PiranhaCMS 12.0. Impacted is an unknown function of the file /manager/pages of the component Standard Archive Page Handler. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-57692. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability has been found in Formbricks up to 4.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component JWT Handler. This manipulation causes improper verification of cryptographic signature. This vulnerability is handled as CVE-2025-59934. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability identified as critical has been detected in apollographql embeddable-explorer up to 2.7.1/3.7.2. The affected element is an unknown function. This manipulation causes origin validation error. This vulnerability is tracked as CVE-2025-59845. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

Человек + экзоскелет + ИИ = новый вид геймера, который не промахивается.

Name: Iran Tech Olympics CTF 2025 (an Iran Tech Olympics CTF event.)
Date: Sept. 26, 2025, 1 p.m. — 27 Sept. 2025, 13:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://ctf.olympics.tech/
Rating weight: 25.00
Event organizers: ASIS

SecWiki周刊（第603期) by ourren

更多最新文章，请访问SecWiki

本文介绍了一种基于 ETW Hook 的系统沙箱设计：通过在内核中利用 ETW 记录系统调用时暴露的可替换函数指针，实现对系统调用的隐蔽劫持和监控，从而绕过传统 API Hook 易被检测和规避的缺陷；通过配置 CKCL 会话和 PMC 计数器使控制流进入目标路径，再结合进程列表管理、堆栈检测等机制，能够在不暴露用户态痕迹的情况下捕获并分析恶意软件的系统调用行为，为安全分析提供更强大且不易规避的监

Почему авария на руднике в Индонезии может повлиять на стоимость вашего телефона?