Aggregator

快速浏览！2025.6.30—7.6安全动态周回顾。

与传统的网络钓鱼不同，这些类型的攻击通常通过社交媒体帖子、广告、欺骗网站和包含恶意钱包耗尽脚本的恶意浏览器扩展来推广。

当前环境出现异常状态，需完成验证操作后才能继续访问相关内容或功能。

当前环境出现异常状态,需完成验证后才能继续访问相关内容或服务,请按照提示进行操作以解决问题。

In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He also shares what needs to change to keep development secure as AI becomes more common. We’re seeing AI-assisted development pull in hundreds of dependencies from diverse sources at speed. From your perspective, what’s the most … More →

The post AI built it, but can you trust it? appeared first on Help Net Security.

A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. This vulnerability is traded as CVE-2025-7152. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/voters_add.php. The manipulation of the argument photo leads to unrestricted upload. The identification of this vulnerability is CVE-2025-7151. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/voters_delete.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-7150. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/candidates_delete.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7149. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Физики нашли способ “запереть” волну в одном направлении.

Submit #606230 / VDB-315092

A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-7148. The attack may be launched remotely. Furthermore, there is an exploit available. Multiple parameters might be affected.

Submit #606216 / VDB-315091

A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. This vulnerability is known as CVE-2025-7147. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #606226 / VDB-315090

Submit #606224 / VDB-315089

Submit #606219 / VDB-315088

Submit #606214 / VDB-315087

Submit #606220 / VDB-225939

A vulnerability, which was classified as problematic, was found in Broadcom Symantec IT Management Suite 8.6.x/8.7.x 8.8. Affected is an unknown function of the component IT Management Agent Secure Storage. The manipulation leads to unprotected storage of credentials. This vulnerability is traded as CVE-2025-24508. It is possible to launch the attack on the local host. There is no exploit available.