Aggregator

今日暂未更新资讯~
更多最新文章，请访问SecWiki

SERVER KILLERS Targeted the Website of Government Portal of Belgium

A vulnerability has been found in Uguu up to 1.8.9 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-55279. The attack can be launched remotely. There is no exploit available.

Alleged Sale of CarFax Law Enforcement Plate Search Service for USA and Canada

关于Java CommonsCollections 反序列化链 的进阶绕过技巧

库克（Tim Cook）来华出席了中国发展高层论坛，宣布设立 7.2 亿元清洁能源投资基金，该基金的目标是每年为中国电网新增约 55 万兆瓦时的风能和太阳能发电能力，帮助苹果达成到 2030 年全部碳足迹实现碳中和这一目标。库克在接受官媒采访时称赞了中国 AI 公司 DeepSeek，称其模型非常出色。苹果正在等待官方批准将 Apple Intelligence 引入国行版 iPhone 手机。国行 Apple Intelligence 据报道将使用阿里巴巴的大模型，原因是 Deepseek 团队缺乏支持像苹果这样的大客户所需的人力和经验。

Ассамблея против слежки МВД.

FCC chair warns these companies may still be operating in the US because they don't believe that being added to its "Covered List" poses any serious risk.

A vulnerability was found in FriendlyElec FriendlyWrt 2022-11-16.51b3d35. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is known as CVE-2024-2495. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Amssplus AMSS++ 4.31. It has been classified as critical. This affects an unknown part of the file /amssplus/modules/book/main/select_send.php. The manipulation of the argument sd_index leads to sql injection. This vulnerability is uniquely identified as CVE-2024-2584. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Amssplus AMSS++ 4.31. It has been declared as critical. This vulnerability affects unknown code of the file /amssplus/modules/book/main/select_send_2.php. The manipulation of the argument sd_index leads to sql injection. This vulnerability was named CVE-2024-2585. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Amssplus AMSS++ 4.31. It has been rated as critical. This issue affects some unknown processing of the file /amssplus/index.php. The manipulation of the argument Username leads to sql injection. The identification of this vulnerability is CVE-2024-2586. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Colorlib Coming Soon & Maintenance Mode Plugin up to 1.0.99 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-1473. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in File Manager Plugin up to 7.2.5 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-2654. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in SiteOrigin Widgets Bundle Plugin up to 1.60.0 on WordPress and classified as problematic. This issue affects the function siteorigin_widget of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-4362. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in NicheAddons Charity Addon for Elementor Plugin up to 1.3.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-44026. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in D-Link DIR-1260 and DIR-2150. It has been declared as critical. This vulnerability affects unknown code of the component CLI Command Handler. The manipulation leads to command injection. This vulnerability was named CVE-2023-44415. The attack needs to be approached within the local network. There is no exploit available.

Linus Torvalds 罕见的在美国时间周一早上而不是在传统的周日下午释出了 Linux Kernel 6.14，他解释说推迟发布的原因是“纯粹的无能”aka 他在忙其他事情时忘记了发布。6.14 的主要新特性包括：Btrfs RAID1 读平衡；NT 同步原语驱动，显著改进游戏性能；新的 fsnotify 事件 (FS_PRE_ACCESS)；支持 AMD NPU 的驱动 amdxdna；PowerPC 架构支持惰性抢占；使用 AMD Secure Encrypted Virtualization 的 x86 系统支持客户机的安全时间戳计数器；等等，更多可浏览 KernelNewbies 6.14 网页。