Aggregator

SciMaster 让科研不再只是科学家的专属，也让「像科研一样思考」成为更多人的可能。

A critical security vulnerability in the popular AI-powered development platform Base44 allowed unauthorized attackers to bypass authentication controls and gain access to private enterprise applications, according to a new report from Wiz Research. The flaw, which has since been patched, exposed sensitive corporate data across multiple organizations using the vibe coding platform for internal tools […]

The post Severe Vulnerability in AI Vibe Lets Attackers Access Private User Applications appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

ChatGPT agents demonstrate the ability to autonomously bypass Cloudflare’s CAPTCHA verification systems, specifically the ubiquitous “I am not a robot” checkbox.  This development, first documented in a viral Reddit post on the r/OpenAI community, showcases the evolving sophistication of AI agents in navigating web security measures. Key Takeaways1. ChatGPT agent successfully bypassed Cloudflare's "I am […]

The post ChatGPT Agent Bypasses Cloudflare “I am not a robot” Verification Checks appeared first on Cyber Security News.

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file fill_details.php of the component Error Message Handler. The manipulation of the argument email leads to cross site scripting. This vulnerability was named CVE-2025-8340. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection. This vulnerability is uniquely identified as CVE-2025-8339. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adminac.php. The manipulation of the argument ID leads to sql injection. This vulnerability is handled as CVE-2025-8338. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #624681 / VDB-318292

Submit #624673 / VDB-318291

Windows11轻松设置是一款由oyksoft开发的系统优化工具，支持禁用系统还原、搜索热点等功能，并可卸载预装软件、安装常用软件及修改Edge和隐私设置等，适合喜欢深度优化系统的用户使用。

A vulnerability has been found in Silabs Zigbee Stack up to 4.3.4/2024.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to unchecked return value. This vulnerability is known as CVE-2025-1394. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as critical, was found in Silabs Zigbee up to 4.3.3/2024.6.1. Affected is an unknown function of the component CPCd. The manipulation leads to improper locking. This vulnerability is traded as CVE-2025-1221. Access to the local network is required for this attack. There is no exploit available.

Submit #624670 / VDB-315870

Submit #624648 / VDB-315160

Submit #624646 / VDB-318290

A vulnerability, which was classified as problematic, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_vehicles.php. The manipulation of the argument car_name leads to cross site scripting. The identification of this vulnerability is CVE-2025-8337. The attack may be initiated remotely. Furthermore, there is an exploit available.

Учётку разработчика LibreOffice заблокировали без шанса на апелляцию.

Submit #624294 / VDB-315871

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_user. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-8336. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #624187 / VDB-318287

A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-8335. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.