Aggregator

当前环境出现异常，请完成验证以继续访问。

当前环境出现异常，需完成验证后方可继续访问。

当前环境出现异常问题,需完成验证后方可继续访问系统.

Qantas said it is currently validating the contact, and has informed law enforcement

A vulnerability classified as problematic has been found in PHP Ashnews. This affects an unknown part. The manipulation leads to file inclusion. This vulnerability is uniquely identified as CVE-2006-0524. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Security researchers from the Socket Threat Research Team have uncovered a sophisticated network of eight malicious Firefox browser extensions that actively steal OAuth tokens, passwords, and spy on users through deceptive tactics. The discovery reveals a coordinated campaign that exploits popular gaming titles and utility applications to compromise user security across the Firefox ecosystem. Major […]

The post 8 New Malicious Firefox Extensions Steal OAuth Tokens, Passwords and Spy on Users appeared first on Cyber Security News.

上周关注度较高的产品安全漏洞(20250630-20250706)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞695个，其中高危漏洞345个、中危漏洞306个、低危漏洞44个。

A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl leads to buffer overflow. The identification of this vulnerability is CVE-2025-7118. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/index.php. The manipulation of the argument Username leads to sql injection. This vulnerability is known as CVE-2025-7119. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in SUR-FBD CMMS up to 2025.03.26 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component DLL File. The manipulation leads to use of hard-coded password. This vulnerability is known as CVE-2025-3920. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mndpsingh287 Frontend File Manager Plugin up to 23.2 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to basic cross site scripting. This vulnerability was named CVE-2025-27358. The attack can be initiated remotely. There is no exploit available.

История пациента, который нашёл решение десятилетней болезни с помощью ChatGPT.

本网站使用技术、分析和 profiling cookies 来优化用户体验、追踪行为并提供个性化广告。用户可通过 Cookie Center 管理偏好或访问 Cookie Policy 了解更多信息，并可选择接受或拒绝所有 cookie。

A vulnerability classified as problematic has been found in ClientExec 3.0 Beta2. This affects an unknown part of the file index.php. The manipulation leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2007-2805. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in xmedcon 0.25.0 and classified as problematic. Affected by this vulnerability is the function malloc of the component DICOM File Handler. The manipulation leads to integer underflow. This vulnerability is known as CVE-2025-2581. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Toncoin项目宣称投资者质押10万美元TON代币并支付3.5万美元手续费可获阿联酋10年黄金签证。Telegram创始人杜罗夫转发宣传。阿联酋官方否认与该项目关联，强调数字资产投资受法规管辖，提醒投资者防范诈骗。

独特的“谁开发，谁负责”警报处理模式以及将安全视为软件工程的理念

Check Point has discovered over 1000 suspicious domains registered in the run-up to Amazon Prime Day

欧盟新规要求标明电池额定充电次数，三星手机电池表现最佳，通常可达2000次；Google Pixel和Fairphone等品牌多为1000-1400次；苹果iPhone 16系列为1000次。