SecWiki News 2026-05-15 Review
今日暂未更新资讯~
更多最新文章,请访问SecWiki
更多最新文章,请访问SecWiki
Aggregator
Avada Builder WordPress plugin flaws allow site credential theft
1 month 1 week ago
Two vulnerabilities in the Avada Builder plugin for WordPress, with an estimated one million active installations, allow hackers to read arbitrary files and extract sensitive information from the database. [...]
Bill Toulas
中欧合作揭示地球磁场的形状
1 month 1 week ago
如果一切顺利行,Solar wind Magnetosphere Ionosphere Link Explorer(SMILE)探测器将于 5 月 19 日从法属圭亚那的欧洲航天发射场发射升空。它将采用一种新技术绘制地球磁场图。地球磁场通过偏转大部分太阳带电粒子流,使地球适宜居住。太阳风的激增会干扰卫星、无线电通信,甚至电网。SMILE 是中欧合作项目,有望增进对相关物理机制的理解,提高对太阳风暴的预测能力。很多探测器都探测过地磁层,但它们只能从磁层内部进行观测,观测范围限于每颗卫星所在的位置。SMILE 将发射到一个高椭圆轨道,位于北极上方最远 12.1 万公里处。从这里 SMILE 的核心仪器——一台软 X 射线成像仪——将监测整个面向太阳的磁层边缘。当太阳风中的带电粒子从地球高层大气中的中性原子捕获电子时,电子在跃迁到较低能级时会发射 X 射线。通过绘制太阳风与磁层交界处狭窄边界的辐射图,SMILE 将能近乎实时追踪地球磁场的响应。SMILE 的紫外成像仪则将观测极光——自然界最壮观的景象之一。
Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker
1 month 1 week ago
Gunra ransomware has quickly grown from a new threat into a serious global problem, hitting dozens of organizations in less than a year. The group behind it is not just encrypting data, but also running a business-like operation that sells access, leaks stolen files, and recruits partners to spread its malware. For defenders, this is […]
The post Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker appeared first on Cyber Security News.
Tushar Subhra Dutta
Думаете, ваши голосовые в WhatsApp защищены? Вот список расширений, которые перехватывают аудио перед отправкой
1 month 1 week ago
148 тысяч установок под видом CRM для бизнеса.
OpenClaw Chain Vulnerabilities Expose 245,000 Public AI Agent Servers to Attack
1 month 1 week ago
A chain of four critical vulnerabilities discovered in OpenClaw, one of the fastest-growing open-source platforms for autonomous AI agents, has left an estimated 245,000 publicly accessible server instances exposed to remote exploitation, credential theft, and persistent backdoor installation. Originally launched as “Clawdbot” in late 2025, OpenClaw connects large language models directly to filesystems, SaaS applications, […]
The post OpenClaw Chain Vulnerabilities Expose 245,000 Public AI Agent Servers to Attack appeared first on Cyber Security News.
Guru Baran
CVE-2017-3315 | Oracle PeopleSoft 9.2 HCM ePerformance information disclosure (BID-95510 / ID 1037634)
1 month 1 week ago
A vulnerability classified as critical has been found in Oracle PeopleSoft 9.2. The impacted element is an unknown function of the component HCM ePerformance. Performing a manipulation results in information disclosure.
This vulnerability is cataloged as CVE-2017-3315. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2017-3324 | Oracle Primavera P6 Enterprise Project Portfolio Management Web Access access control (BID-95528)
1 month 1 week ago
A vulnerability described as critical has been identified in Oracle Primavera P6 Enterprise Project Portfolio Management up to 16.2. The impacted element is an unknown function of the component Web Access. Executing a manipulation can lead to improper access controls.
The identification of this vulnerability is CVE-2017-3324. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is recommended.
vuldb.com
CVE-2017-3316 | Oracle VM VirtualBox up to 5.0.31/5.1.13 GUI input validation (EDB-41196 / Nessus ID 96609)
1 month 1 week ago
A vulnerability identified as critical has been detected in Oracle VM VirtualBox up to 5.0.31/5.1.13. Affected is an unknown function of the component GUI. The manipulation leads to improper input validation.
This vulnerability is traded as CVE-2017-3316. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
You should upgrade the affected component.
vuldb.com
CVE-2017-3317 | Oracle MySQL Server 5.5.53/5.6.34/5.7.16 Logging denial of service (Nessus ID 96732 / ID 175942)
1 month 1 week ago
A vulnerability was found in Oracle MySQL Server 5.5.53/5.6.34/5.7.16. It has been classified as problematic. Affected by this issue is some unknown functionality of the component Logging. The manipulation leads to denial of service.
This vulnerability is listed as CVE-2017-3317. The attack must be carried out locally. There is no available exploit.
Upgrading the affected component is recommended.
vuldb.com
CVE-2017-3318 | Oracle MySQL Server 5.5.53/5.6.34/5.7.16 Error Handling access control (Nessus ID 96732 / ID 175942)
1 month 1 week ago
A vulnerability was found in Oracle MySQL Server 5.5.53/5.6.34/5.7.16. It has been declared as problematic. This affects an unknown part of the component Error Handling. The manipulation results in improper access controls.
This vulnerability is cataloged as CVE-2017-3318. The attack must be initiated from a local position. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2017-3321 | Oracle MySQL Cluster 7.2.19/7.3.8/7.4.5 input validation (Nessus ID 96727 / BID-95562)
1 month 1 week ago
A vulnerability was found in Oracle MySQL Cluster 7.2.19/7.3.8/7.4.5. It has been rated as problematic. This vulnerability affects unknown code of the component Cluster. This manipulation causes improper input validation.
This vulnerability is registered as CVE-2017-3321. Remote exploitation of the attack is possible. No exploit is available.
Upgrading the affected component is advised.
vuldb.com
CVE-2017-3323 | Oracle MySQL Cluster 7.2.25/7.3.14/7.4.12 input validation (Nessus ID 96726 / BID-95575)
1 month 1 week ago
A vulnerability categorized as problematic has been discovered in Oracle MySQL Cluster 7.2.25/7.3.14/7.4.12. This issue affects some unknown processing of the component Cluster. Such manipulation leads to improper input validation.
This vulnerability is documented as CVE-2017-3323. The attack can be executed remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2017-3322 | Oracle MySQL Cluster 7.2.25/7.3.14/7.4.12 Cluster NDBAPI denial of service (Nessus ID 96726 / BID-95574)
1 month 1 week ago
A vulnerability identified as problematic has been detected in Oracle MySQL Cluster 7.2.25/7.3.14/7.4.12. Impacted is an unknown function of the component Cluster NDBAPI. Performing a manipulation results in denial of service.
This vulnerability is reported as CVE-2017-3322. The attack is possible to be carried out remotely. No exploit exists.
You should upgrade the affected component.
vuldb.com
CVE-2017-3319 | Oracle MySQL Server up to 5.7.16 X Plugin information disclosure (Nessus ID 96618 / ID 20029)
1 month 1 week ago
A vulnerability labeled as problematic has been found in Oracle MySQL Server up to 5.7.16. The affected element is an unknown function of the component X Plugin. Executing a manipulation can lead to information disclosure.
This vulnerability appears as CVE-2017-3319. The attack may be performed from remote. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2017-3320 | Oracle MySQL Server up to 5.7.16 Encryption access control (Nessus ID 96618 / ID 20029)
1 month 1 week ago
A vulnerability marked as problematic has been reported in Oracle MySQL Server up to 5.7.16. The impacted element is an unknown function of the component Encryption. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2017-3320. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
vuldb.com
KRYBIT
1 month 1 week ago
You must login to view this content
cohenido
Shai-Hulud Worm Steals npm, GitHub, AWS, and Kubernetes Secrets From Developers
1 month 1 week ago
A dangerous new piece of malware called Shai-Hulud has emerged as one of the most alarming supply chain threats of 2026. It is a self-propagating worm that quietly tunnels through developer environments, stealing credentials from npm, GitHub, AWS, and Kubernetes all at once. Hundreds of malicious packages have already been tied to this campaign, making […]
The post Shai-Hulud Worm Steals npm, GitHub, AWS, and Kubernetes Secrets From Developers appeared first on Cyber Security News.
Tushar Subhra Dutta
英国对 MS Office 涉嫌垄断展开调查
1 month 1 week ago
英国竞争市场管理局(CMA)正式启动调查,查明微软将 Windows、Office、Teams、Copilot 及相关产品捆绑销售是否构成不公平竞争。CMA CEO Sarah Cardell 表示,商业软件是英国经济的基石,数十万客户依赖微软的系统。她表示 CMA 的目标是了解市场的发展情况,微软在其中的地位,考虑是否需要采取任何有针对性的措施,以确保英国企业能从选择、创新和具有竞争力的价格中受益。微软捆绑销售办公软件、AI 和云计算的做法将是英国的调查对象。调查预计将于明年 2 月结束。
Debian обязал разработчиков доказывать «чистоту» своего кода
1 month 1 week ago
Система миграции Debian начала автоматически блокировать пакеты, которые не проходят тест воспроизводимости.