Aggregator

通告编号:NS-2025-00052025-01-21TAG：MongoDB Mongoose、搜索注入、CVE-2025-23061漏洞危害：攻击者利用此漏洞，可实现代码注入。 版本：1.01漏洞概

近日，绿盟科技CERT监测到GitHub发布安全公告，Mongoose中修复了一个搜索注入漏洞（CVE-2025-23061）。CVSS评分9.0，请相关用户尽快采取措施进行防护。

The Open Web Application Security Project (OWASP) has released its updated Smart Contract Top 10 for 2025, providing essential insights for developers and security teams in the rapidly evolving Web3 environment. This document outlines the most pressing vulnerabilities found in smart contracts, serving as a crucial resource for maintaining security and protecting against exploitation. OWASP’s new release […]

The post OWASP Smart Contract Top 10 2025 Released – What’s new! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in Microsoft Windows. Affected is the function CreateDIBPalette of the file win32k.sys of the component Driver. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2010-2739. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Media Player 9.x and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The identification of this vulnerability is CVE-2010-2745. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality in the library Common Control Library of the component Integer Truncation Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2010-2746. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 4.0 and classified as problematic. This vulnerability affects the function js_InitRandom of the component Random Number Generator. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2010-3399. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as very critical was found in IBM solidDB. Affected by this vulnerability is an unknown functionality of the file solid.exe. The manipulation leads to code injection. This vulnerability is known as CVE-2010-2771. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Автономный транспорт проник в сердце военных объектов Филиппин.

As part of our ongoing research of the IBM i platform we monitor news and updates rela

以中国创新元素 引领AI数据安全新时代

大洋洲地区的公司机构正在开始将网络保险视为其安全工具包的重要组成部分。

在新春佳节前夕，2025年1月15日，天空卫士在香港九龙香格里拉酒店隆重举办“以中国创新元素 引领AI数据安全新时代”为主题的交流会，为香港数字安全领域注入创新活力。天空卫士2022年进驻香港市场，短

环境异常 当前环境异常，完成验证后即可继续访问。 去验证

A vulnerability was found in KVIrc up to 4.0.2. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to Privilege Escalation. This vulnerability was named CVE-2010-2785. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Zabbix and classified as problematic. This issue affects the function formatQuery. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2010-2790. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Cisco IOS 15.0. Affected is an unknown function of the component TCP Connection Handler. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2010-2827. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Uzbl 2009.12.22/2010.01.04/2010.04.03. This affects an unknown part of the component Default Configuration. The manipulation of the argument HREF leads to code injection. This vulnerability is uniquely identified as CVE-2010-2809. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.