Aggregator

A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is handled as CVE-2025-6570. The attack may be launched remotely. Furthermore, there is an exploit available.

从 Google X 分拆出来的创业公司 IYO 就 IO 商标起诉了 OpenAI 和 Jony Ive 的 IO Products, Inc. 公司。 OpenAI 于 2025 年 5 月 21 日宣布以 65 亿美元收购 IO，但前几天悄悄撤销了相关的宣传材料。IYO 生产名为 IYO ONE 的耳戴式设备，允许用户通过语音命令与计算机和 AI 进行交互，无需屏幕或键盘。起诉书指控被告故意为竞争产品使用一个易混淆的名称。起诉书称，OpenAI CEO Sam Altman 和 Ive 的设计工作室 LoveFrom 在 2022-2025 年间多次与 IYO 代表会面，了解 IYO 的技术和商业计划细节。2025 年 3 月，Altman 告诉 IYO 正在开发名为 io 的竞争产品。IO Products 成立于 2023 年 9 月，致力于开发与 IYO 产品类似的无屏电脑交互硬件。诉讼寻求禁制令(injunctive relief)，要求对商标侵权和不正当竞争赔偿。

A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an unknown functionality of the file /student.php. The manipulation of the argument sname/contact/about/emailid/transcation_remark leads to cross site scripting. This vulnerability is known as CVE-2025-6569. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is traded as CVE-2025-6568. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #601698 / VDB-313742

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/view_application.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-6567. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-6566. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #601612 / VDB-313741

Submit #601344 / VDB-313740

Submit #601339 / VDB-313739

Submit #597453 / VDB-313738

A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-6565. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #590030 / VDB-313737

美国网络部队可能以多种方式支持了美军“午夜之锤行动”

AT&T屡屡爆出重大数据泄露事故

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

A vulnerability was found in Quest KACE SMA up to 14.1 and classified as critical. Affected by this issue is some unknown functionality of the component License Handler. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-32978. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Quest KACE SMA up to 14.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Backup Handler. The manipulation leads to improper verification of cryptographic signature. This vulnerability is known as CVE-2025-32977. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Quest KACE SMA up to 14.1. Affected is an unknown function of the component 2FA. The manipulation leads to authentication bypass using alternate channel. This vulnerability is traded as CVE-2025-32976. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.