A vulnerability was found in Claroline 1.8.5. It has been classified as problematic. Affected is an unknown function in the library inc/lib/language.lib.php. The manipulation of the argument Language leads to path traversal.
This vulnerability is traded as CVE-2007-4718. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Microsoft Windows Vista SP2 up to Server 2012 R2. It has been declared as problematic. This vulnerability affects unknown code of the component Adobe Type Manager Library. The manipulation leads to improper access controls.
This vulnerability was named CVE-2015-2507. It is possible to launch the attack on the local host. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability was found in run-llama llama_index up to 0.12.40 and classified as problematic. This issue affects the function pickle.loads of the component Pickle Module. The manipulation leads to deserialization.
The identification of this vulnerability is CVE-2025-3108. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Huawei HarmonyOS 5.0.1/5.1.0. It has been classified as problematic. This affects an unknown part of the component Distributed Collaboration Framework Module. The manipulation leads to authentication bypass by primary weakness.
This vulnerability is uniquely identified as CVE-2025-53167. Access to the local network is required for this attack to succeed. There is no exploit available.
A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication.
This vulnerability is known as CVE-2025-7114. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The manipulation of the argument params leads to missing authentication.
This vulnerability is handled as CVE-2025-7115. The attack may be launched remotely. There is no exploit available.
Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available.
It is expected that this issue will be fixed in the near future.
A vulnerability was found in WAGO Device Sphere 1.0.0 and classified as very critical. This issue affects some unknown processing of the component JWT Token Handler. The manipulation leads to insecure default initialization of resource.
The identification of this vulnerability is CVE-2025-41672. The attack may be initiated remotely. There is no exploit available.
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is […]