looking for friends!
r/deepweb 是一个 Reddit 社区,旨在辟谣都市传说并分享来自 Tor 深网的可验证信息。用户 s8nb8 发帖表示不熟悉暗网,并因健康问题寻求帮助。
Aggregator
Authenticate Users, Secure Transactions: How BioConfirm Secures High-Stakes Banking Operations
1 day 21 hours ago
CVE-2025-3108 | run-llama llama_index up to 0.12.40 Pickle Module pickle.loads deserialization (EUVD-2025-20156)
1 day 21 hours ago
A vulnerability was found in run-llama llama_index up to 0.12.40 and classified as problematic. This issue affects the function pickle.loads of the component Pickle Module. The manipulation leads to deserialization.
The identification of this vulnerability is CVE-2025-3108. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-53167 | Huawei HarmonyOS 5.0.1/5.1.0 Distributed Collaboration Framework Module authentication bypass (EUVD-2025-20179)
1 day 21 hours ago
A vulnerability was found in Huawei HarmonyOS 5.0.1/5.1.0. It has been classified as problematic. This affects an unknown part of the component Distributed Collaboration Framework Module. The manipulation leads to authentication bypass by primary weakness.
This vulnerability is uniquely identified as CVE-2025-53167. Access to the local network is required for this attack to succeed. There is no exploit available.
vuldb.com
CVE-2025-7114 | SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b Session route.ts POST Request missing authentication (EUVD-2025-20195)
1 day 21 hours ago
A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication.
This vulnerability is known as CVE-2025-7114. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-7115 | rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97 Session route.ts PUT params missing authentication (Issue 166 / EUVD-2025-20194)
1 day 21 hours ago
A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The manipulation of the argument params leads to missing authentication.
This vulnerability is handled as CVE-2025-7115. The attack may be launched remotely. There is no exploit available.
Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
It is expected that this issue will be fixed in the near future.
vuldb.com
CVE-2025-41672 | WAGO Device Sphere 1.0.0 JWT Token insecure default initialization of resource (VDE-2025-057 / EUVD-2025-20193)
1 day 21 hours ago
A vulnerability was found in WAGO Device Sphere 1.0.0 and classified as very critical. This issue affects some unknown processing of the component JWT Token Handler. The manipulation leads to insecure default initialization of resource.
The identification of this vulnerability is CVE-2025-41672. The attack may be initiated remotely. There is no exploit available.
vuldb.com
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
1 day 21 hours ago
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is […]
Pierluigi Paganini
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
1 day 21 hours ago
美国网络安全机构CISA将Google Chromium V8引擎中的CVE-2025-6554漏洞加入已知被利用漏洞目录。该漏洞为类型混淆问题,允许攻击者通过特制HTML页面进行任意读写操作。Google已发布补丁修复,并指出该漏洞在野外被利用。CISA要求联邦机构于7月23日前完成修复以应对潜在攻击风险。
Devman
1 day 21 hours ago
You must login to view this content
cohenido
Devman
1 day 21 hours ago
You must login to view this content
cohenido
Devman
1 day 21 hours ago
You must login to view this content
cohenido
Hpingbot Unleashed: New Go-Based Botnet Leverages Pastebin & Hping3 for Stealthy Attacks
1 day 21 hours ago
A newly emerged botnet known as hpingbot, identified by the NSFOCUS Fuying Lab‘s global threat monitoring system, has rapidly become one of the most prominent cyber threats since its appearance in early June 2025....
The post Hpingbot Unleashed: New Go-Based Botnet Leverages Pastebin & Hping3 for Stealthy Attacks appeared first on Penetration Testing Tools.
ddos
人工智能赋能网络安全——InForSec & DataCon 2025年网络空间安全大学生夏令营开始报名啦!
1 day 21 hours ago
当前环境出现异常,请完成验证后继续访问。
人工智能赋能网络安全——InForSec & DataCon 2025年网络空间安全大学生夏令营开始报名啦!
1 day 21 hours ago
InForSec夏令营来啦InForSec定于2025年8月1日~
Windows 11 Finally Overtakes Windows 10 in User Share as EOL Deadline Looms
1 day 21 hours ago
A pivotal moment has arrived in the operating system market. For the first time, the latest version of Windows has surpassed its predecessor in user share—a milestone that signals a broader shift across the...
The post Windows 11 Finally Overtakes Windows 10 in User Share as EOL Deadline Looms appeared first on Penetration Testing Tools.
ddos
CVE-2025-7167 | code-projects Responsive Blog Site 1.0 /category.php ID sql injection
1 day 21 hours ago
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument ID leads to sql injection.
This vulnerability was named CVE-2025-7167. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-7166 | code-projects Responsive Blog Site 1.0 /single.php ID sql injection
1 day 21 hours ago
A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-7166. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
3小时盗空6家银行,2700美元撬动巴西史上最大数字金融劫案
1 day 21 hours ago
当前环境异常,需完成验证后继续访问。
Microsoft is Finally Removing PowerShell 2.0 from Windows 11: Boosting Security, Retiring Legacy Tool
1 day 21 hours ago
Another relic of the past is being permanently retired from the legendary operating system. Microsoft has initiated the process of removing PowerShell 2.0—a long-obsolete version of the command-line tool—from Windows 11. This iteration first...
The post Microsoft is Finally Removing PowerShell 2.0 from Windows 11: Boosting Security, Retiring Legacy Tool appeared first on Penetration Testing Tools.
ddos