Aggregator

A vulnerability, which was classified as critical, has been found in Quiter Gateway up to 4.6.x. This issue affects some unknown processing of the file /FacturaE/listado_facturas_ficha.jsp. The manipulation of the argument id_factura leads to sql injection. The identification of this vulnerability is CVE-2025-40714. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Quiter Gateway up to 4.6.x. Affected is an unknown function of the file /QMSCliente/Sucesos.action. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-40716. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Quiter Gateway up to 4.6.x and classified as critical. Affected by this issue is some unknown functionality of the file /QuiterGatewayWeb/api/v1/sucesospagina. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-40717. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHPGurukul Car Washing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/editcar-washpoint.php. The manipulation of the argument wpid leads to sql injection. This vulnerability is handled as CVE-2025-7177. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Quiter Gateway up to 4.6.x. It has been classified as problematic. This affects an unknown part of the file /FacturaE/VerFacturaPDF. The manipulation of the argument id_concesion leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-40719. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Quiter Gateway up to 4.6.x. It has been declared as problematic. This vulnerability affects unknown code of the file /FacturaE/VerFacturaPDF. The manipulation of the argument campo leads to cross site scripting. This vulnerability was named CVE-2025-40720. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Quiter Gateway up to 4.6.x. It has been rated as problematic. This issue affects some unknown processing of the file /FacturaE/listado_facturas_ficha.jsp. The manipulation of the argument id_factura leads to cross site scripting. The identification of this vulnerability is CVE-2025-40721. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Google的Gemini AI现可访问Android用户的第三方应用如WhatsApp、Messages和Phone，引发隐私与安全担忧。即使用户关闭相关功能，Gemini仍可访问。建议检查权限并关闭不必要的AI集成以保护隐私。

Внутри — пластик, пестициды, парабены. Снаружи — улыбка. Вот оно — современное детство.

一个奇怪的废弃资产？

一天，我正看着刚刚收集的某SRC资产列表，在图标列表里发现了一个从没见过的奇怪图标。

查看了下对应的资产，发现是一个定制的ComfyUI WEB资产 。

Cybersecurity researchers have flagged a supply chain attack targeting a Microsoft Visual Studio Code (VS Code) extension called Ethcode that has been installed a little over 6,000 times. The compromise, per ReversingLabs, occurred via a GitHub pull request that was opened by a user named Airez299 on June 17, 2025. First released by 7finney in 2022, Ethcode is a VS Code extension that's used to

If you know what “o11y” is, you probably know what a site reliability engineer (SRE) does. Maybe you are one. Observability pipelines help SREs monitor and understand system behavior by using data such as metrics, events, logs, and traces (MELT) and Golden Signals. But as information technology (IT) infrastructure...

Check Point discovered around 500 suspected Scattered Spider phishing domains, suggesting the group is preparing to expand its targeting

面向全球视角，看看到底多少APP在收集你的设备指纹信息！

这篇文章分析了Triada恶意软件中的高级Android打包工具Ducex，其通过加密函数、XOR加密字符串、反调试机制及检测分析工具（如Frida）来混淆分析和隐藏payload。

一个15岁男孩沉迷于电脑游戏，严重影响了哥哥的生活。哥哥尝试各种方法都无法阻止弟弟的行为，最终考虑通过干扰Wi-Fi来解决问题。

/r/netsec 是一个由社区管理的信息安全技术聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的内容，帮助他们从大量信息中提取关键信号。

/r/netsec 是一个由社区管理的技术信息安全内容聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的信息。

登录tix.qq.com获取更多资讯