Aggregator

本文总结了近期网络安全事件与技术，包括Salesforce数据泄露、Azure弱ACL攻击路径及DLL侧载攻击等。

微软宣布于2025年10月31日关闭Microsoft Editor扩展程序，用户需迁移到Microsoft Edge浏览器继续使用相关功能。该扩展最初支持Chromium系列浏览器，并提供文字编辑、错误检查和AI优化等功能。微软表示相关功能已集成到Edge中，此举可能旨在推动更多用户使用其浏览器。

2025年9月3日，纪念中国人民抗日战争暨世界反法西斯战争胜利80周年大会将在北京天安门广场隆重举行。共同铭记历史，正是要弘扬伟大爱国主义精神、伟大抗战精神，从中汲取开创未来的智慧和力量。

习近平在纪念中国人民抗日战争暨世界反法西斯战争胜利80周年大会上发表重要讲话

A vulnerability, which was classified as critical, has been found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /employee/addemployee.php. This manipulation of the argument ID causes sql injection. The identification of this vulnerability is CVE-2025-9417. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in SAIL Image Decoding Library 0.9.8. It has been classified as critical. The affected element is an unknown function of the component PCX Image Decoder. The manipulation leads to heap-based buffer overflow. This vulnerability is referenced as CVE-2025-50129. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability was found in SAIL Image Decoding Library 0.9.8. It has been declared as critical. The impacted element is an unknown function of the component WebP Image Decoder. The manipulation results in integer overflow to buffer overflow. This vulnerability is identified as CVE-2025-52456. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in SAIL Image Decoding Library 0.9.8. It has been rated as critical. This affects an unknown function of the component BMPv3 RLE Decoder. This manipulation causes integer overflow to buffer overflow. This vulnerability is tracked as CVE-2025-52930. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability categorized as critical has been discovered in SAIL Image Decoding Library 0.9.8. This impacts an unknown function of the component PSD RLE Decoder. Such manipulation leads to heap-based buffer overflow. This vulnerability is listed as CVE-2025-53085. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as critical has been detected in SAIL Image Decoding Library 0.9.8. Affected is an unknown function of the component PSD Image Decoder. Performing manipulation results in integer overflow to buffer overflow. This vulnerability is cataloged as CVE-2025-53510. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability labeled as critical has been found in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file about-us.php. Such manipulation of the argument pagetitle leads to sql injection. This vulnerability is listed as CVE-2025-56216. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in PHPGurukul Hospital Management System 4.0 and classified as critical. This vulnerability affects unknown code of the file add-doctor.php. Executing manipulation of the argument docname can lead to sql injection. This vulnerability is handled as CVE-2025-56212. The attack can be executed remotely. There is not any exploit available.

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been declared as critical. Impacted is an unknown function of the file index.php. The manipulation of the argument Username results in sql injection. This vulnerability was named CVE-2025-56214. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in PHPGurukul Hospital Management System 4.0. It has been rated as critical. The affected element is an unknown function of the file contact.php. This manipulation of the argument pagetitle causes sql injection. The identification of this vulnerability is CVE-2025-56215. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-9418. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in itsourcecode Apartment Management System 1.0 and classified as critical. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the argument ID results in sql injection. This vulnerability is identified as CVE-2025-9419. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in itsourcecode Apartment Management System 1.0 and classified as critical. The impacted element is an unknown function of the file /floor/addfloor.php. Executing manipulation of the argument hdnid can lead to sql injection. This vulnerability is tracked as CVE-2025-9420. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been classified as critical. This affects an unknown function of the file /complain/addcomplain.php. The manipulation of the argument ID leads to sql injection. This vulnerability is listed as CVE-2025-9421. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in Campcodes Online Water Billing System 1.0. It has been rated as critical. Affected is an unknown function of the file /editecex.php. This manipulation of the argument ID causes sql injection. This vulnerability is registered as CVE-2025-9423. Remote exploitation of the attack is possible. Furthermore, an exploit is available.