Aggregator
RansomHub
11 months ago
cohenido
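Fudan Baize Ladder: results of the multi-turn dialogue special ladder are out
11 months ago
[Overview of the 2025 multi-turn dialogue special track] This test collection contains 100 test question sets on the theme of "criminal behavior"; each question set contains 4-5 sub-questions used for multi-turn interaction with large models. Based on the above benchmark set, for 32 well-known commercial large models from China and abroad we have already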
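A first! EU authorities pay a user 3000 yuan in compensation for violating data protection regulations
11 months ago
For the first time, the EU court has penalized EU authorities for violating the GDPR data protection regulation. Recap · Cybersecurity incident compensation: For illegally collecting and sharing users' private data, this medical company paid more than 180 million yuan. For leaking the data of more than 235,000 patients, a local medical institution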
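AI agents are getting more and more popular, and they may carry a serious security risk
11 months ago
What future AI agents and grandpa have in common: both can fall for phishing scams. If AI agents really achieve mass-market appeal, they could create thorny problems for the identity management market. Recap · New technology, old security: A single sentence makes a large-model chat assistant proactively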
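A first! EU authorities pay a user 3000 yuan in compensation for violating data protection regulations
11 months ago
The European Commission transmitted the affected person's IP data to the United States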
AI agents are getting more and more popular, and they may carry a serious security risk
11 months ago
Identity management is a cause for concern
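YAK-SSA, the ancient Greek god in charge of PHP code auditing
11 months ago
A previous article briefly introduced the online code auditing platform ssa.to. Today Niuniu will explain in detail how to use ssa for PHP code auditing. Helper parameters wrapped by tp, the I/request methods: thinkphp wraps the request object, $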
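YAK-SSA, the ancient Greek god in charge of PHP code auditing
11 months ago
A previous article briefly introduced the online code auditing platform ssa; this one explains in detail how to use ssa for PHP code auditing.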
LDAPNightmare: Windows exploit turned out to be a trap for infosec specialists
11 months ago
Updates have spawned a new Trojan horse for Microsoft.
CVE-2023-28120 | activesupport Gem on Ruby cross site scripting
11 months ago
A vulnerability classified as problematic has been found in activesupport Gem on Ruby. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2023-28120. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2023-27531 | Kredis Gem up to 1.3.0.0 on Ruby deserialization
11 months ago
A vulnerability has been found in Kredis Gem up to 1.3.0.0 on Ruby and classified as problematic. This vulnerability affects unknown code. The manipulation leads to deserialization.
This vulnerability was named CVE-2023-27531. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-13247 | Drupal Coffee up to 1.3.x cross site scripting
11 months ago
A vulnerability was found in Drupal Coffee up to 1.3.x. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-13247. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-13245 | Drupal CKEditor 4 LTS up to 1.0.0 cross site scripting
11 months ago
A vulnerability classified as problematic has been found in Drupal CKEditor 4 LTS up to 1.0.0. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-13245. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-27980 | Node.js 18.x/20.x/21.x on Windows child_process.spawn args os command injection
11 months ago
A vulnerability classified as critical was found in Node.js 18.x/20.x/21.x on Windows. This vulnerability affects the function child_process.spawn. The manipulation of the argument args leads to os command injection.
This vulnerability was named CVE-2024-27980. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
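[Vulnerability Advisory] Buffer overflow vulnerability in multiple Ivanti products (CVE-2025-0282)
11 months ago
Advisory number: NS-2025-0001. 2025-01-10. TAG: Ivanti, buffer overflow, CVE-2025-0282. Vulnerability impact: an attacker exploiting this vulnerability can achieve arbitrary code execution. Version: 1.0. 1 Vulnerability overview: Recently, NSFOCUS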
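[Vulnerability Advisory] Buffer overflow vulnerability in multiple Ivanti products (CVE-2025-0282)
11 months ago
Recently, NSFOCUS detected that Ivanti had published a security advisory fixing a buffer overflow vulnerability in multiple Ivanti products (CVE-2025-0282). The CVSS score is 9.0 and in-the-wild exploitation has been observed; affected users should take protective measures as soon as possible.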
What is the best practice to securely host an application in Linux?
11 months ago
Hunt for Wikipedia editors: a special operation is being prepared in the US
11 months ago
Conservatives want to unmask Wikipedians over antisemitic edits.