JVN: ZXHN-F660TおよびZXHN-F660Aに機器共通の認証情報が設定されている問題
ZTEジャパン株式会社が提供するZXHN-F660TおよびZXHN-F660Aには、機器共通の認証情報が設定されています。
Aggregator
CVE-2025-8346 | Portabilis i-Educar 2.10 /educar_aluno_lst.php ref_cod_matricula cross site scripting
9 months ago
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /educar_aluno_lst.php. The manipulation of the argument ref_cod_matricula with the input "><img%20src=x%20onerror=alert(%27CVE-Hunters%27)> leads to cross site scripting.
This vulnerability is handled as CVE-2025-8346. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-8347 | Kehua Charging Pile Cloud Platform 1.0 /sys/task/findAllTask sql injection
9 months ago
A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-8347. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Secrets are leaking everywhere, and bots are to blame
9 months ago
Secrets like API keys, tokens, and credentials are scattered across messaging apps, spreadsheets, CI/CD logs, and even support tickets. According to Entro Security’s NHI & Secrets Risk Report H1 2025, non-human identities (NHIs), including bots, service accounts, and automation tools, are now the fastest-growing source of security risk in enterprise environments. Non-human identity risk fuels rising secret exposures Between January and June 2025, Entro saw a 44% year-over-year increase in NHIs. These machine identities now … More →
The post Secrets are leaking everywhere, and bots are to blame appeared first on Help Net Security.
Anamarija Pogorelec
CVE-2025-8327 | code-projects Exam Form Submission 1.0 /admin/delete_s8.php ID sql injection
9 months ago
A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to sql injection.
This vulnerability is known as CVE-2025-8327. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-8328 | code-projects Exam Form Submission 1.0 /register.php USN sql injection
9 months ago
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument USN leads to sql injection.
This vulnerability is handled as CVE-2025-8328. The attack may be launched remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
vuldb.com
CVE-2025-8329 | code-projects Vehicle Management 1.0 /filter3.php company sql injection
9 months ago
A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-8329. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
vuldb.com
CVE-2025-8330 | code-projects Vehicle Management 1.0 /edit1.php sno sql injection
9 months ago
A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit1.php. The manipulation of the argument sno leads to sql injection.
This vulnerability was named CVE-2025-8330. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-8331 | code-projects Online Farm System 1.0 /forgot_pass.php email sql injection
9 months ago
A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument email leads to sql injection.
The identification of this vulnerability is CVE-2025-8331. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2024-48916 | Ceph RadosGW encryption algorithm improper authentication (Nessus ID 212141)
9 months ago
A vulnerability classified as critical was found in Ceph. This vulnerability affects unknown code of the component RadosGW. The manipulation of the argument encryption algorithm with the input None leads to improper authentication.
This vulnerability was named CVE-2024-48916. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
INC
9 months ago
You must login to view this content
cohenido
安全公司公布勒索软件FunkSec解密密钥 可以免费解密已经被加密的文件
9 months ago
安全公司发布FunkSec勒索软件解密器和密钥,允许受害者免费恢复加密文件。该勒索软件自2025年3月以来未新增受害者,安全公司因此公开工具以避免黑客更新加密措施。解密器适用于文件后缀为.funksec的情况,并需确认签名匹配。建议备份数据后再进行解密操作。
CVE-2024-45515 | Synacor Zimbra Collaboration Suite cross site scripting
9 months ago
A vulnerability, which was classified as problematic, has been found in Synacor Zimbra Collaboration Suite. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-45515. The attack may be initiated remotely. There is no exploit available.
vuldb.com
Why rural hospitals are losing the cybersecurity battle
9 months ago
Cyber threats are becoming more frequent and sophisticated, and rural hospitals and clinics are feeling the pressure from all sides: tight budgets, small teams, limited training, complex technology, and vendors that do not always offer much help. Often, they are left juggling security tools without the IT support to use them effectively, according to Paubox. Compared to their urban counterparts, rural healthcare organizations are hitting more cybersecurity roadblocks, and not just in one or two … More →
The post Why rural hospitals are losing the cybersecurity battle appeared first on Help Net Security.
Anamarija Pogorelec
404 Path Not Found: Finding Direction in a Fickle Job Market
9 months ago
Advice for Young Cyber Professionals in the Age of AI and Security Automation
Professionals across industries, especially those in early career stages, are struggling to find not only jobs but also career path direction. The old map no longer applies. Today's environment requires adaptability, strategy and a willingness to build new paths entirely.
Professionals across industries, especially those in early career stages, are struggling to find not only jobs but also career path direction. The old map no longer applies. Today's environment requires adaptability, strategy and a willingness to build new paths entirely.
Global Data Breach Costs Go Down, but Not in US
9 months ago
AI Tools Detect Breaches Quicker but Shadow AI Causes Breaches, Too
Organizations are detecting data breaches more quickly and paying less to remediate them, says IBM's new "Cost of a Data Breach Report 2025." Some caveats apply, with U.S. organizations experiencing higher breach costs. Breach fallout from shadow AI is also rising.
Organizations are detecting data breaches more quickly and paying less to remediate them, says IBM's new "Cost of a Data Breach Report 2025." Some caveats apply, with U.S. organizations experiencing higher breach costs. Breach fallout from shadow AI is also rising.
2 Law Group Data Theft Hacks Affect 282,100 Patients
9 months ago
Firm Admits Paying Ransom in Exchange of Hacker's Promise to Delete Stolen Info
Two Florida-based law firms with offices in other states are notifying 282,100 people whose healthcare and other information was potentially compromised in separate data theft incidents. One of the firms admitted to paying a ransom to prevent its data from being leaked on the darkweb.
Two Florida-based law firms with offices in other states are notifying 282,100 people whose healthcare and other information was potentially compromised in separate data theft incidents. One of the firms admitted to paying a ransom to prevent its data from being leaked on the darkweb.
Nikesh Arora: Why Palo Alto Is Making a $25B Bet on Identity
9 months ago
CyberArk Deal Adds Privileged Access Capabilities to Palo Alto Networks' Core Stack
With a $25 billion acquisition of CyberArk, Palo Alto Networks expands its cybersecurity platform to secure human, machine and AI identities. CEO Nikesh Arora said the move is timely as 88% of ransomware attacks now stem from credential theft, and agentic AI emerges as a new risk vector.
With a $25 billion acquisition of CyberArk, Palo Alto Networks expands its cybersecurity platform to secure human, machine and AI identities. CEO Nikesh Arora said the move is timely as 88% of ransomware attacks now stem from credential theft, and agentic AI emerges as a new risk vector.
Critical Flaws Found in Dahua Cameras
9 months ago
Unauthenticated Bugs Allow Full Remote Code Execution
Unauthenticated attackers could remotely hijack Dahua Hero C1 smart cameras by exploiting firmware vulnerabilities, Bitdefender warned in a coordinated disclosure published Wednesday. Dahua Technoloy released patches on July 7. The company is on a number of U.S. federal blacklists.
Unauthenticated attackers could remotely hijack Dahua Hero C1 smart cameras by exploiting firmware vulnerabilities, Bitdefender warned in a coordinated disclosure published Wednesday. Dahua Technoloy released patches on July 7. The company is on a number of U.S. federal blacklists.
Let's Clone a Cloner - Part 3: Putting It All Together
9 months ago
<p>We have arrived at our final stage of metamorphosis, taking our pupa and morphing it into a hacking machine. Let's finish this journey. Geared Up Pupa In the first blog, we took various MaxiProx builds and attempted to…</p>
Costa Petros