A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE Database V5

Detailed information about CVE-2025-14259: SQL Injection in Jihai Jshop MiniProgram Mall System affecting Jihai Jshop MiniProgram Mall System. Get real-time upd

CVE-2025-14259: SQL Injection in Jihai Jshop MiniProgram Mall System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-14259: SQL Injection in Jihai Jshop MiniProgram Mall System

Google has enhanced Chrome's agentic AI browsing capabilities to defend against indirect prompt injection attacks by implementing user alignment critics, expanded origin isolation, and mandatory user confirmations. These measures aim to prevent malicious actors from manipulating AI-driven browser agents through crafted prompts that could lead to unintended actions or data exposure. Although no known exploits are currently active in the wild, the medium severity rating reflects the potential risks associated with prompt injection vulnerabilities in AI components embedded within browsers. European organizations using Chrome with agentic AI features should be aware of these protections and ensure their browsers are updated to benefit from these security enhancements. The threat primarily targets the integrity and confidentiality of user interactions with AI agents, with limited impact on availability. Countries with high Chrome adoption and significant digital infrastructure are more likely to be affected. Mitigation involves applying updates promptly, monitoring AI agent behavior, and educating users about confirmation prompts. Given the complexity of AI prompt injection and the mitigations introduced, the suggested severity is medium.

The threat concerns indirect prompt injection attacks targeting Chrome's agentic AI browsing features. Agentic AI refers to AI components integrated into the browser that can autonomously perform tasks or make decisions based on user prompts or web content. Indirect prompt injection involves an attacker crafting inputs or web content that manipulates the AI's prompt context, causing it to execute unintended commands or disclose sensitive information. To counter this, Google has introduced several security enhancements: a user alignment critic that evaluates AI outputs for alignment with user intent, expanded origin isolation to segregate AI contexts based on web origins to prevent cross-origin contamination, and mandatory user confirmations for sensitive AI-driven actions to ensure explicit user consent. These measures collectively reduce the attack surface for prompt injection by limiting the AI's ability to be influenced by malicious inputs and by requiring user validation before executing potentially risky operations. Although no specific affected Chrome versions or exploits are detailed, the medium severity indicates a moderate risk level. The absence of CVEs or known exploits suggests these are proactive defenses rather than reactive patches. The threat primarily impacts the confidentiality and integrity of AI interactions within the browser, with potential risks including unauthorized data access or manipulation of AI-driven browsing behaviors. The mitigations reflect a layered defense approach combining technical isolation, behavioral analysis, and user involvement.

SecurityWeek

Detailed information about Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks. Get real-time updates, technical details, and mitigatio

Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks - Live Threat Intelligence - Threat Radar | OffSeq.com

Original Source

Google Fortifies Chrome Agentic AI Against Indirect Prompt Injection Attacks

The article '10 (Not So) Hidden Dangers of Age Verification' highlights significant privacy and security risks associated with age verification systems. These systems, often mandated to restrict access to age-restricted content, can inadvertently expose sensitive personal data, increase surveillance risks, and create new attack surfaces. The dangers include data breaches, identity theft, and misuse of biometric or government-issued ID data. European organizations implementing such systems must carefully consider data protection regulations like GDPR and the potential reputational damage from mishandling sensitive information. Mitigation requires adopting privacy-preserving verification methods, minimizing data collection, and ensuring robust encryption and secure storage. Countries with high digital service adoption and strict age verification laws, such as Germany, France, and the UK, are particularly at risk. Given the medium severity, the threat primarily impacts confidentiality and privacy, with moderate ease of exploitation due to reliance on third-party verification services. Defenders should prioritize privacy-centric designs and compliance with European data protection standards.

Age verification systems are increasingly used to enforce legal restrictions on access to online content, such as adult material or gambling sites. However, these systems introduce multiple security and privacy risks. The article from the Electronic Frontier Foundation (EFF) outlines ten key dangers, including the collection and storage of sensitive personal data (e.g., government IDs, biometric data), which can be targeted by attackers leading to identity theft or fraud. The centralization of such data creates attractive targets for cybercriminals. Additionally, age verification can enable pervasive surveillance and tracking, undermining user anonymity and privacy. Many implementations rely on third-party services, increasing the attack surface and potential for data misuse or breaches. The article also discusses risks related to inadequate security controls, lack of transparency, and insufficient user consent mechanisms. For European organizations, these risks are compounded by stringent data protection laws such as GDPR, which impose heavy penalties for data mishandling. The threat is not a direct software vulnerability but a systemic risk arising from the design and deployment of age verification technologies, requiring careful consideration of privacy and security principles.

Reddit InfoSec News

Detailed information about 10 (Not So) Hidden Dangers of Age Verification. Get real-time updates, technical details, and mitigation strategies.

10 (Not So) Hidden Dangers of Age Verification - Live Threat Intelligence - Threat Radar | OffSeq.com

10 (Not So) Hidden Dangers of Age Verification

Reddit Discussion: 10 (Not So) Hidden Dangers of Age Verification

CVE-2025-65804 is a stack overflow vulnerability in the Tenda AX3 router firmware version 16. 03. 12. 11, specifically in the formSetIptv function via the iptvType parameter. Exploiting this flaw can lead to memory corruption and potentially remote code execution without requiring authentication. Although no public exploits are currently known, successful exploitation could allow attackers to fully compromise affected routers. This poses significant risks to network confidentiality, integrity, and availability. European organizations using Tenda AX3 routers should prioritize patching or mitigating this vulnerability. Countries with higher market penetration of Tenda devices and critical infrastructure relying on such routers are at greater risk. Immediate mitigation steps include network segmentation, disabling IPTV features if unused, and monitoring for suspicious activity.

CVE-2025-65804 is a stack overflow vulnerability found in the Tenda AX3 router firmware version 16.03.12.11. The vulnerability resides in the formSetIptv function, which processes the iptvType parameter. Improper handling of this parameter leads to a stack overflow condition, causing memory corruption. This memory corruption can be leveraged by an attacker to execute arbitrary code remotely on the router. The vulnerability does not require authentication, meaning an attacker can exploit it remotely without prior access to the device. The lack of a CVSS score and absence of known exploits in the wild suggest this is a newly disclosed vulnerability, but the technical details indicate a critical risk due to the potential for remote code execution. The affected device, Tenda AX3, is a widely used consumer and small business router, often deployed in home and office networks. Exploitation could allow attackers to take full control of the device, intercept or manipulate network traffic, and pivot to internal networks. The vulnerability’s exploitation vector is through the IPTV configuration interface, which may be exposed on the local network or potentially remotely if remote management is enabled. No patches or mitigations have been officially published at the time of disclosure, increasing the urgency for users to apply vendor updates once available or implement interim protective measures.

Detailed information about CVE-2025-65804: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-65804: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-65804: n/a

SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter.

Detailed information about CVE-2025-64081: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-64081: n/a

CVE-2025-64081: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-14259: SQL Injection in Jihai Jshop MiniProgram Mall System

CVE-2025-65804: n/a

CVE-2025-48625: Elevation of privilege in Google Android

CVE-2025-48608: Information disclosure in Google Android

CVE-2025-48606: Elevation of privilege in Google Android

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility