Aggregator

A vulnerability was found in Microsoft Internet Explorer 11. It has been rated as problematic. Affected by this issue is the function CHttpHeaderParser::ParseStatusLine in the library wininet.dll. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2016-3325. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年3月17日至2025年3月23日）安全漏洞情况如下

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年3月17日至2025年3月23日）安全漏洞情况如下

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年3月17日至2025年3月23日）安全漏洞情况如下

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年3月17日至2025年3月23日）安全漏洞情况如下

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年3月17日至2025年3月23日）安全漏洞情况如下

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年3月17日至2025年3月23日）安全漏洞情况如下

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年3月17日至2025年3月23日）安全漏洞情况如下

根据国家信息安全漏洞库（CNNVD）统计，本周（2025年3月17日至2025年3月23日）安全漏洞情况如下

Chainguard announced Chainguard VMs, a new product line offering minimal, zero-CVE virtual machine images built entirely from source. Purpose-built for modern, ephemeral workloads in the cloud, Chainguard VMs represent a stark contrast to the legacy, general-purpose VMs that dominate the market today. Chainguard VMs are guarded container host images, which offer a cloud-agnostic, threat-resistant environment for deploying and running containers. Chainguard VMs will help enterprises reduce costly engineering toil associated with container host maintenance and … More →

The post Chainguard VMs reduces risk and engineering complexity appeared first on Help Net Security.

Цена атаки упала в десятки раз – теперь ваш аккаунт стоит как чашка кофе.

新型SectopRAT木马武器化Cloudflare验证系统，通过伪造CAPTCHA攻击Windows用户，窃取敏感数据并建立持久后门。企业感染率激增，传统安全方案难检测。

A vulnerability, which was classified as very critical, was found in MLflow 1.1.0. This affects an unknown part. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2024-37053. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Gradio and classified as critical. This vulnerability affects unknown code. The manipulation of the argument GITHUB_TOKEN/HF_TOKEN/VERCEL_ORG_ID/VERCEL_PROJECT_ID/COMMENT_TOKEN/AWSACCESSKEYID/AWSSECRETKEY/VERCEL_TOKEN leads to improper authorization. This vulnerability was named CVE-2024-4254. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in MLflow 1.1.0 and classified as very critical. This issue affects some unknown processing. The manipulation leads to deserialization. The identification of this vulnerability is CVE-2024-37052. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in MLflow 0.9.0. It has been classified as very critical. Affected is an unknown function. The manipulation leads to deserialization. This vulnerability is traded as CVE-2024-37054. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Newsletter Plugin up to 8.3.4 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument np1 leads to cross site scripting. This vulnerability is known as CVE-2024-5317. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in Wow-Company Easy Digital Downloads Plugin up to 1.0.2 on WordPress. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is traded as CVE-2024-35629. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in WPvivid Backup for MainWP Plugin up to 0.9.32 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-35664. The attack can be initiated remotely. There is no exploit available.

Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis. Credential stuffing is a