Aggregator

CVE-2025-8132 | yanyutao0402 ChanCMS up to 3.1.2 app/extend/utils.js delfile path traversal (ICLOT8 / EUVD-2025-22569)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. This vulnerability is handled as CVE-2025-8132. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-8155 | D-Link DCS-6010L 1.15.03 Management Application /vb.htm paratest cross site scripting (EUVD-2025-22584)

Vuldb Updates
1 month 1 week ago
A vulnerability has been found in D-Link DCS-6010L 1.15.03 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vb.htm of the component Management Application. The manipulation of the argument paratest leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-8155. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

微软 CEO 轻淡的回应公司裁员之谜

Solidot
1 month 1 week ago
微软 CEO 纳德拉(Satya Nadella)周四在给员工的备忘录中简单回应了大规模裁员引发员工担忧一事。微软在股价创新高利润创纪录向 AI 大规模投资的同时进行了大规模裁员,今年至今裁员逾 1.5 万人,其中 7 月初裁掉了 9 千人。为什么公司状况如此之好却仍然进行裁员?纳德拉使用了标准的模糊语言,没有正面回应,只是说裁员给员工带来了压力,但是进步不是沿着一条直线,是动态的,有时候不协调,但总是苛刻的,我们还是来谈谈使命吧。这是高管或政客在不愿意正面回应时使用的话术,没什么意义,他不愿意告诉员工他的薪酬是与利润和股价挂钩,而不是与员工的忠诚挂钩,裁员能让投资者或股东满意,对投资者有利,对他也有利。

CVE-2022-29970 | Sinatra up to 2.1.x Static File privilege escalation (Nessus ID 242690)

Vuldb Updates
1 month 1 week ago
A vulnerability, which was classified as problematic, was found in Sinatra up to 2.1.x. This affects an unknown part of the component Static File Handler. The manipulation leads to privilege escalation. This vulnerability is uniquely identified as CVE-2022-29970. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-45442 | Sinatra up to 2.2.2/3.0.3 Header Content-Disposition code download (GHSA-8x94-hmjh-97hq / Nessus ID 242690)

Vuldb Updates
1 month 1 week ago
A vulnerability was found in Sinatra up to 2.2.2/3.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Header Handler. The manipulation of the argument Content-Disposition leads to download of code without integrity check. This vulnerability is known as CVE-2022-45442. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Multiple Vulnerabilities in Tridium Niagara Framework Let Attacker to Collect Sensitive Data from the Network

Cyber Security News
1 month 1 week ago

Researchers identified 13 critical vulnerabilities in Tridium’s widely-deployed Niagara Framework that could allow attackers to compromise building automation systems and collect sensitive network data.  The vulnerabilities, affecting versions 4.10u10 and earlier, as well as 4.14u1 and earlier, enable attackers with network access to execute sophisticated attack chains resulting in complete system compromise, including root-level remote […]

The post Multiple Vulnerabilities in Tridium Niagara Framework Let Attacker to Collect Sensitive Data from the Network appeared first on Cyber Security News.

Florence

U.S. Woman Sentenced to 8.5 Years for Role in North Korean Worker Scam

Security Boulevard
1 month 1 week ago

Christina Marie Chapman, an Arizona resident, was sentenced to 8.5 years in prison for her role in a wide-ranging North Korean IT worker scam that sent $17 million to the outlaw country. Chapman ran a laptop farm from her home, validated stolen U.S. identities for the scammers, and transferred money overseas to the bad actors.

The post U.S. Woman Sentenced to 8.5 Years for Role in North Korean Worker Scam appeared first on Security Boulevard.

Jeffrey Burt

Managed ad