Aggregator

Submit #627830 / VDB-319922

A vulnerability has been found in Foxit Reader 2025.1.0.27937 and classified as critical. This vulnerability affects unknown code of the component Javascript Handler. The manipulation leads to uninitialized pointer. This vulnerability was named CVE-2025-32451. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in CherryHQ cherry-studio up to 1.5.1. This affects an unknown part of the component MCP Handler. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-54074. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in CherryHQ cherry-studio 1.5.1. Affected by this issue is some unknown functionality of the component Oauth Auth Redirection Endpoint. The manipulation leads to os command injection. This vulnerability is handled as CVE-2025-54382. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #627814 / VDB-319921

A vulnerability classified as critical was found in D-Link DIR-825 2.10. Affected by this vulnerability is the function get_ping_app_stat of the file ping_response.cgi of the component httpd. The manipulation of the argument ping_ipaddr leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-8949. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #627738 / VDB-319920

6500 万年前的小行星撞击地球导致了恐龙灭绝，我们人类有生之年死于小行星撞击的风险有多高？根据发表在 arXiv 上的一篇预印本，研究人员模拟了 500 万个直径大于 140 米的近地天体（NEO），模拟了近地天体的轨道，并统计 150 年来近地天体撞击地球的次数，以判断 NEO 撞击地球的可能性。随后研究人员将这些结果与个人在 71 年的人生中发生其他不幸事件的机率进行比较，包括雷击、被大象攻击和一氧化碳中毒等事件，计算一个人死于这些事件的机率有多大。结果发现，大小超过 140 米的近地天体的撞击频率估计约为每 1.1 万年一次。直径 140-200 米的近地天体坠落海洋可能不会造成人员伤亡，而直径 180-200 米的近地天体如果撞击人口稠密的地区，则有可能影响一百万人，更大的近地天体撞击可能影响整个世界。因此即使近地天体撞击地球，但若其直径较小，大多数人仍然有很大的幸存几率。研究人员发现，当一氧化碳中毒和大象攻击等事件发生时，造成人员死亡的可能性就大得多。而一颗直径超过 140 米的小行星撞击地球的机率比一个人一生中被闪电击中的机率，以及被土狼袭击的机率都要高。另一方面，一个人一生中感染流感或遭遇车祸的机率远高于经历小行星撞击地球的机率，这也许不是什么令人惊讶的事。研究团队强调，这并不是要忽视行星防御的重要性，而是让大众能在理解真实风险的同时，理性看待小行星威胁。

Submit #627710 / VDB-319919

The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don't prepare are going to face uncertainty caused by the lack of attackers' accountability.

The software bill of materials (SBOM) drives the shift from compliance checkbox to cornerstone of modern software security, equipping organizations to navigate supply chain threats, evolving regulations, and the complexity of AI-generated code.

The post SBOM Best Practices: What Global Leaders Are Asking and Doing appeared first on Security Boulevard.

Submit #627640 / VDB-319915

The financially motivated threat group ShinyHunters has returned with a sophisticated series of attacks targeting Salesforce instances across high-profile enterprises in industries like retail, aviation, and insurance, after a year of relative quiet following member arrests in June 2024. ReliaQuest’s analysis reveals a coordinated infrastructure of ticket-themed phishing domains and credential-harvesting pages, such as ticket-lvmh[.]com […]

The post ShinyHunters May Have Teamed Up With Scattered Spider in Salesforce Attack Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. This vulnerability is traded as CVE-2025-8948. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in projectworlds Visitor Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The identification of this vulnerability is CVE-2025-8947. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #627543 / VDB-249133

A vulnerability was found in projectworlds Online Notes Sharing Platform 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. This vulnerability was named CVE-2025-8946. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #632003 / VDB-319914

Submit #631996 / VDB-319913