上周关注度较高的产品安全漏洞(20250630-20250706)
上周关注度较高的产品安全漏洞(20250630-20250706)
Aggregator
CNVD漏洞周报2025年第25期
8 months 1 week ago
国家信息安全漏洞共享平台(以下简称CNVD)本周共收集、整理信息安全漏洞695个,其中高危漏洞345个、中危漏洞306个、低危漏洞44个。
CVE-2025-7119 | Campcodes Complaint Management System 1.0 /users/index.php Username sql injection (EUVD-2025-20199)
8 months 1 week ago
A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/index.php. The manipulation of the argument Username leads to sql injection.
This vulnerability is known as CVE-2025-7119. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-3920 | SUR-FBD CMMS up to 2025.03.26 DLL File hard-coded password (EUVD-2025-20198)
8 months 1 week ago
A vulnerability has been found in SUR-FBD CMMS up to 2025.03.26 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component DLL File. The manipulation leads to use of hard-coded password.
This vulnerability is known as CVE-2025-3920. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-27358 | mndpsingh287 Frontend File Manager Plugin up to 23.2 on WordPress cross site scripting (EUVD-2025-19952)
8 months 1 week ago
A vulnerability was found in mndpsingh287 Frontend File Manager Plugin up to 23.2 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to basic cross site scripting.
This vulnerability was named CVE-2025-27358. The attack can be initiated remotely. There is no exploit available.
vuldb.com
ChatGPT помог найти диагноз, который врачи искали 10 лет
8 months 1 week ago
История пациента, который нашёл решение десятилетней болезни с помощью ChatGPT.
Crittografia, le curve ellittiche: un’alternativa a Rsa e ai logaritmi discreti
8 months 1 week ago
本网站使用技术、分析和 profiling cookies 来优化用户体验、追踪行为并提供个性化广告。用户可通过 Cookie Center 管理偏好或访问 Cookie Policy 了解更多信息,并可选择接受或拒绝所有 cookie。
CVE-2007-2805 | ClientExec 3.0 Beta2 index.php cross site scripting (EDB-30053 / XFDB-34390)
8 months 1 week ago
A vulnerability classified as problematic has been found in ClientExec 3.0 Beta2. This affects an unknown part of the file index.php. The manipulation leads to basic cross site scripting.
This vulnerability is uniquely identified as CVE-2007-2805. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-2581 | xmedcon 0.25.0 DICOM File malloc integer underflow (Nessus ID 241388)
8 months 1 week ago
A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow.
This vulnerability is known as CVE-2025-2581. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Toncoin为投资者提供质押10万美元获取阿联酋黄金签证 阿联酋官方称谨防欺诈
8 months 1 week ago
Toncoin项目宣称投资者质押10万美元TON代币并支付3.5万美元手续费可获阿联酋10年黄金签证。Telegram创始人杜罗夫转发宣传。阿联酋官方否认与该项目关联,强调数字资产投资受法规管辖,提醒投资者防范诈骗。
谷歌如何实现高质量、可扩展和现代化的威胁检测
8 months 1 week ago
独特的“谁开发,谁负责”警报处理模式以及将安全视为软件工程的理念
Hundreds of Malicious Domains Registered Ahead of Prime Day
8 months 1 week ago
Check Point has discovered over 1000 suspicious domains registered in the run-up to Amazon Prime Day
三星手机电池次数显著高于其它品牌
8 months 1 week ago
欧盟新规要求标明电池额定充电次数,三星手机电池表现最佳,通常可达2000次;Google Pixel和Fairphone等品牌多为1000-1400次;苹果iPhone 16系列为1000次。
三星手机电池次数显著高于其它品牌
8 months 1 week ago
欧盟的新能效标签要求厂商标明电池的额定充电次数。那么根据充电次数,今天哪些手机品牌的电池更耐用?数据显示, 三星手机电池遥遥领先。Google Pixel 系列手机电池充电次数基本上是一千次;三星基本上是 2000 次(少数几款 1200 次);Fairphone 5 1200 次,Fairphone 6 降至 1000 次;摩托罗拉 Edge 50 系列为 1200 次,G55 800 次,其它型号基本上是 1000 次;Nothing 系列手机为 1400 次;OnePlus OnePlus 13R 1200 次,OnePlus 13 1000 次;索尼 Xperia 1 VII 为 1400 次,苹果 iPhone 16 系列都是 1000 次。
Кто владеет алгоритмами — владеет народами. БРИКС бросает вызов ИИ-гегемонии США
8 months 1 week ago
БРИКС готовит «коммуналку» за ИИ.
HVV红队必备工具!快速打点,抢占第一先机
8 months 1 week ago
文章介绍了两款红队工具dddd-rust和dddd-red的功能与优势。dddd-rust用于快速资产扫描与漏洞打点,而dddd-red则提供一体化的漏洞扫描、资产管理与远程控制功能。这两款工具适用于SRC挖洞、红队打点及众测项目等场景,并提供限时优惠购买选项。
Phishing, Pivots, and Persistence: A Look into Japan’s Q1 2025 Cyber Threat Landscape
8 months 1 week ago
日本JPCERT/CC 2025年第一季度报告指出网络攻击激增,钓鱼攻击占87%,网站入侵增长75%,供应链漏洞被利用。显示网络威胁日益复杂化和精准化,需加强防御措施。
Identity, AI & Access: Highlights from Identiverse 2025 - Sagi Rodin, Ajay Amlani, Treb Ryan, Ajay Gupta, Artyom Poghosyan, Amir Ofek - ESW #414
8 months 1 week ago
文章讨论了单点登录(SSO)和多因素认证(MFA)在企业安全中的重要性,并指出这些工具通常昂贵且复杂。Cubeless推出免费、简化的SSO和MFA解决方案。此外,文章还探讨了AI代理对身份基础设施的需求及传统安全模型的不足,并介绍了相关技术的发展与解决方案。
CVE-2025-3920 | SUR-FBD CMMS up to 2025.03.26 DLL File hard-coded password (EUVD-2025-20198)
8 months 1 week ago
A vulnerability has been found in SUR-FBD CMMS up to 2025.03.26 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component DLL File. The manipulation leads to use of hard-coded password.
This vulnerability is known as CVE-2025-3920. It is possible to launch the attack on the local host. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-7200 | krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5 quantity_upd.php med_name/med_cat/ex_date sql injection
8 months 1 week ago
A vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5. Affected is an unknown function of the file quantity_upd.php. The manipulation of the argument med_name/med_cat/ex_date leads to sql injection.
This vulnerability is traded as CVE-2025-7200. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
vuldb.com