#vulnerability

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting

The sheer amount of technologies today has created a massive boom in innovation, allowing organizations globally to create software in a variety of ways. While having numerous technologies to create software is advantageous, it also presents a challenge—managing the complexity of using so many tools and technologies.Platform engineering is an emerging practice to help organizations streamline their tools and infrastructure into a single cohesive point, known as an internal developer portal(IDP). The goal is to consolidate technologies, knowledge and best practices to boost overall productivi

The ABB Cylon Aspect BMS/BAS controller is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. An attacker can leverage an unauthenticated reflected XSS vulnerability in jsonProxy.php to inject a crafted request, forcing the victim to adopt a fixated session.

SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component.

The ABB Cylon FLXeon BACnet controller is vulnerable to an authenticated JSON flooding attack, leading to uncontrolled resource consumption and a denial-of-service (DoS) condition. The /api/serialConfig endpoint allows an authenticated attacker to abuse an unrestricted loop to create a large number of JSON objects by sending specially crafted requests through the ports JSON array. This results in excessive memory and CPU usage, causing resource exhaustion and potential service failure.

Microsoft cybersecurity experts have identified a vulnerability flaw affecting ASP.NET applications, putting thousands of web servers at risk.…

### Impact - Information that is restricted from viewing in the search results of site searches (※) can still be viewed via the main text (a feature added in v1.8.0). - Impact by version - v1.8.0 ~ v1.8.3: It will be displayed in the text. - v1.8.0 and earlier: It will not be displayed in the body of the text, but the title (frame name) will be displayed with a link. - Target viewing restriction function - Frame publishing function (private, limited publishing) - IP Restriction Page - Password setting page ### Patches (fixed version) - Apply v1.8.4. ### Workarounds - Remove the site search (e.g. hide frames).。 ### References none

### Impact（影響） There is an Access control vulnerability on the management system of Connect-CMS. Affected Version : Connect-CMS v1.8.6, 2.4.6 and earlier ### Patches（修正バージョン） version v1.8.7, v2.4.7 ### Workarounds（運用回避手段） Upgrade Connect-CMS to latest version

Security questionnaires serve as essential tools for building connections and trust in the digital realm. They help in…