Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts. [...]
A vulnerability was found in FoxCMS up to 1.2.5 and classified as critical. This issue affects some unknown processing of the file admin/template_file/editFile.html. The manipulation leads to code injection.
The identification of this vulnerability is CVE-2025-50692. The attack can only be initiated within the local network. There is no exploit available.
A vulnerability was found in XODA 0.4.5 and classified as critical. Affected by this issue is the function Upload of the component POST Request Handler. The manipulation leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is handled as CVE-2012-10045. The attack may be launched remotely. Furthermore, there is an exploit available.
A vulnerability was found in Zenoss Core 3.x. It has been declared as critical. Affected by this vulnerability is the function Popen of the file ZenossInfo.py of the component showdaemonXMLConfig Endpoint. The manipulation of the argument daemon leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer.
This vulnerability is known as CVE-2012-10048. The attack can be launched remotely. Furthermore, there is an exploit available.
A vulnerability classified as critical has been found in WPO WebPageTest up to 2.6. Affected is an unknown function of the file resultimage.php. The manipulation leads to unrestricted upload.
This vulnerability is traded as CVE-2012-10049. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
A vulnerability was found in Imagination Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/25.1 RTM1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free.
This vulnerability is handled as CVE-2025-46709. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as problematic has been found in Imagination Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/24.3 RTM/25.1 RTM0. This affects an unknown part of the component Trusted Execution Environment. The manipulation leads to improper handling of insufficient permissions or privileges.
This vulnerability is uniquely identified as CVE-2025-6573. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal.
This vulnerability is traded as CVE-2025-8815. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
This product uses a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available.
A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery.
The identification of this vulnerability is CVE-2025-8814. The attack may be initiated remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect.
This vulnerability was named CVE-2025-8813. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross-site scripting.
This vulnerability is uniquely identified as CVE-2025-8812. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
It is recommended to apply a patch to fix this issue.