Aggregator

Теперь все ИИ-агенты наконец-то заговорят на одном языке.

A vulnerability classified as critical has been found in TOTOLINK CA300-PoE 6.2c.884. This affects the function QuickSetting of the file ap.so. The manipulation of the argument hour/minute leads to os command injection. This vulnerability is uniquely identified as CVE-2025-6621. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been rated as critical. Affected by this issue is the function setUpgradeUboot of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. This vulnerability is handled as CVE-2025-6620. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. Affected by this vulnerability is the function setUpgradeFW of the file upgrade.so. The manipulation of the argument FileName leads to os command injection. This vulnerability is known as CVE-2025-6619. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been classified as critical. Affected is the function SetWLanApcliSettings of the file wps.so. The manipulation of the argument PIN leads to os command injection. This vulnerability is traded as CVE-2025-6618. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Currently trending CVE - Hype Score: 8 - HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript ...

Currently trending CVE - Hype Score: 1 - Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Currently trending CVE - Hype Score: 1 - Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. This issue affects the function formAdvanceSetup of the file /goform/formAdvanceSetup. The manipulation of the argument webpage leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. The identification of this vulnerability is CVE-2025-6617. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument curTime leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-6616. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-6615. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation of the argument curTime leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-6614. The attack may be launched remotely. Furthermore, there is an exploit available.

Wordfence exposes a sophisticated WordPress malware campaign using a rogue WordPress Core plugin. Active since 2023, it steals credit cards and credentials with advanced anti-detection.

Submit #602266 / VDB-313839

Submit #602265 / VDB-313838

Submit #602264 / VDB-313837

Submit #602263 / VDB-313836

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年6月16日至2025年6月22日）安全漏洞情况如下

A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. This vulnerability is known as CVE-2025-6613. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #602260 / VDB-313835