Aggregator

CVE-2025-8764 | linlinjava litemall up to 1.8.0 /wx/storage/upload File unrestricted upload (Issue 567 / EUVD-2025-24059)

Vuldb Updates
9 months 2 weeks ago
A vulnerability identified as critical has been detected in linlinjava litemall up to 1.8.0. Affected by this issue is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. This vulnerability is referenced as CVE-2025-8764. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
vuldb.com

CVE-2025-8965 | linlinjava litemall up to 1.8.0 Endpoint AdminStorageController.java create File unrestricted upload

Vuldb Updates
9 months 2 weeks ago
A vulnerability has been found in linlinjava litemall up to 1.8.0 and classified as critical. This affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. Performing manipulation of the argument File results in unrestricted upload. This vulnerability is cataloged as CVE-2025-8965. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-9138 | Scada-LTS 2.7.8.1 pointHierarchy/new/ Title cross site scripting (EUVD-2025-25165)

Vuldb Updates
9 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. This vulnerability is reported as CVE-2025-9138. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower. An admin user - by definition - has full control over HTML and JS code that is delivered to users in regular synoptic panels. In other words - due to the design of the system it is not possible to limit the admin user to attack the users."
vuldb.com

CVE-2025-9139 | Scada-LTS 2.7.8.1 WatchListDwr.init.dwr information disclosure

Vuldb Updates
9 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Scada-LTS 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file /Scada-LTS/dwr/call/plaincall/WatchListDwr.init.dwr. Executing manipulation can lead to information disclosure. This vulnerability appears as CVE-2025-9139. The attack may be performed from remote. In addition, an exploit is available. The vendor explains: "[T]he risks of indicated vulnerabilities seem to be minimal as all scenarios likely require admin permissions. Moreover, regardless our team fixes those vulnerabilities - the overall risk change to the user due to malicious admin actions will not be lower."
vuldb.com

CVE-2025-9143 | Scada-LTS 2.7.8.1 mailing_lists.shtm name/userList/address cross site scripting (EUVD-2025-25186)

Vuldb Updates
9 months 2 weeks ago
A vulnerability was found in Scada-LTS 2.7.8.1 and classified as problematic. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scripting. This vulnerability is known as CVE-2025-9143. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com

CVE-2025-8974 | linlinjava litemall up to 1.8.0 JSON Web Token JwtHelper.java SECRET hard-coded credentials (Issue 568)

Vuldb Updates
9 months 2 weeks ago
A vulnerability classified as problematic has been found in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. This manipulation of the argument SECRET with the input X-Litemall-Token causes hard-coded credentials. The identification of this vulnerability is CVE-2025-8974. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-7729 | Scada-LTS up to 2.7.8.1 usersProfiles.shtm Username cross site scripting (EUVD-2025-21755)

Vuldb Updates
9 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file usersProfiles.shtm. The manipulation of the argument Username results in cross site scripting. This vulnerability is known as CVE-2025-7729. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
vuldb.com

CVE-2025-7728 | Scada-LTS up to 2.7.8.1 users.shtm Username cross site scripting

Vuldb Updates
9 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in Scada-LTS up to 2.7.8.1. This affects an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. This vulnerability is traded as CVE-2025-7728. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
vuldb.com

openSUSE 将禁用 bcachefs

Solidot
9 months 2 weeks ago
在 Linus Torvalds 将文件系统 Bcachefs 标记为由外部维护之后,Linux 发行版 openSUSE 项目宣布自 Linux 6.17 起将禁用 Bcachefs 文件系统。Linux 6.17 不再接受来自 Bcachefs 维护者 Kent Overstreet 递交的补丁,而 openSUSE 项目也不会去维护该文件系统。Linux 6.16 不受影响。openSUSE 项目表示如果 Bcachefs 维护者能与 Linux 作者和解,内核恢复合并相关补丁,openSUSE 也会恢复启用该文件系统。

CVE-2025-10274 | erjinzhi 10OA 1.0 /trial/mvc/item Name cross site scripting

VulDB Recent Entries
9 months 2 weeks ago
A vulnerability was found in erjinzhi 10OA 1.0. It has been classified as problematic. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cross site scripting. This vulnerability was named CVE-2025-10274. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10273 | erjinzhi 10OA 1.0 /view/file.aspx File path traversal

VulDB Recent Entries
9 months 2 weeks ago
A vulnerability was found in erjinzhi 10OA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. This vulnerability is uniquely identified as CVE-2025-10273. The attack can only be initiated within the local network. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10272 | erjinzhi 10OA 1.0 /trial/mvc/catalogue Name cross site scripting

VulDB Recent Entries
9 months 2 weeks ago
A vulnerability has been found in erjinzhi 10OA 1.0 and classified as problematic. Affected is an unknown function of the file /trial/mvc/catalogue. This manipulation of the argument Name causes cross site scripting. This vulnerability is handled as CVE-2025-10272. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-10271 | erjinzhi 10OA 1.0 /trial/mvc/finder Name cross site scripting

VulDB Recent Entries
9 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in erjinzhi 10OA 1.0. This impacts an unknown function of the file /trial/mvc/finder. The manipulation of the argument Name results in cross site scripting. This vulnerability is known as CVE-2025-10271. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Why Cyber Resilience Starts With People, Not Just Tools

Security Boulevard
9 months 2 weeks ago

Fletcher Heisler, CEO of Authentik Security, covers the evolution of Identity and Access Management (IAM) and its significance in modern security. Fletcher also emphasizes a careful approach to AI integration, prioritizing human coding. Heisler, who has been working in tech since his early days experimenting with security in less-than-sanctioned ways, shares his journey into the..

The post Why Cyber Resilience Starts With People, Not Just Tools appeared first on Security Boulevard.

Alan Shimel

Akira

Dark Feed IO
9 months 2 weeks ago

You must login to view this content

cohenido

L7 DDoS Botnet Hijacked 5.76M Devices to Launch Massive Attacks

Cyber Security News
9 months 2 weeks ago

In early March 2025, security teams first observed an unprecedented L7 DDoS botnet targeting web applications across multiple sectors. The botnet, rapidly expanding from an initial 1.33 million compromised devices, employed HTTP GET floods to exhaust server resources and circumvent traditional rate limiting. By mid-May, the threat escalated as the botnet grew to 4.6 million […]

The post L7 DDoS Botnet Hijacked 5.76M Devices to Launch Massive Attacks appeared first on Cyber Security News.

Tushar Subhra Dutta

Managed ad