Aggregator

A vulnerability classified as problematic was found in Adobe Framemaker up to 2020.8/2022.6. This vulnerability affects unknown code. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2025-30301. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Adobe Framemaker up to 2020.8/2022.6. This affects an unknown part. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-30300. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Commerce up to 2.4.8-beta2. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to insufficiently protected credentials. This vulnerability is handled as CVE-2025-27192. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Commerce up to 2.4.8-beta2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is known as CVE-2025-27191. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Commerce up to 2.4.8-beta2. It has been classified as critical. Affected is an unknown function. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-27190. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Adobe Framemaker up to 2020.8/2022.6 and classified as critical. This vulnerability affects unknown code. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2025-30304. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Adobe Commerce up to 2.4.8-beta2 and classified as critical. This issue affects some unknown processing. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-27188. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Adobe Framemaker up to 2020.8/2022.6. This affects an unknown part. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-30299. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Adobe Framemaker up to 2020.8/2022.6. Affected by this issue is some unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2025-30303. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Dark Storm Team Targeted the Website of CNN

A vulnerability classified as problematic was found in Adobe Framemaker up to 2020.8/2022.6. Affected by this vulnerability is an unknown functionality. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2025-30302. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Vite 任意文件读取漏洞(CVE-2025-30208)

RuoYi是一个后台管理系统，它主要基于经典技术(Spring Boot、Apache Shiro、MyBatis、Thymeleaf)组合构建而成，主要目的让开发者注重专注业务，降低技术难度，从而节省人力成本，缩短项目周期，提高软件安全质量

有点子小操作哦

JAVA代码审计——Echo4.2

2025数字中国创新大赛-移动互联网（APP）安全积分争夺赛初赛 Writeup

JAVA代审-admintwo

本文介绍了如何运用C++和纯汇编开发Shellcode

JDK 高版本下 JNDI 注入深度剖析JDK 高版本 JNDI 注入限制rmi 协议限制测试 poc直接定位到 RegistryContext#decodeObject 方法，看到在调用 NamingManaget.getObjectInstance 方法前有个 if 条件判断，如果符合这三个 if 条件就会抛出异常，而 jdk 高版本中默认 trustURLCodebase 为 false，然