Aggregator

中国有一定数量的风险实例

A vulnerability was found in usememos memos up to 0.9.x. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2023-0106. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in firefly-iii up to 5.7.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authorization. This vulnerability is known as CVE-2023-0298. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Rancher. This affects an unknown part of the component PRTB Handler. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2022-43759. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MacStadium Orka Plugin up to 1.31 on Jenkins. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to permission issues. This vulnerability was named CVE-2023-24431. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, has been found in publify up to 9.2.9. This issue affects some unknown processing. The manipulation leads to insecure storage of sensitive information. The identification of this vulnerability is CVE-2022-2815. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Uniswap Universal Router up to 1.0.x. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to improper access controls. This vulnerability was named CVE-2022-48216. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dromara Hutool 5.8.11. It has been classified as critical. Affected is an unknown function. The manipulation of the argument XmlUtil.readObjectFromXml leads to deserialization. This vulnerability is traded as CVE-2023-24162. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as critical, was found in Timetable Schedule 3.6.8 on Joomla. Affected is an unknown function. The manipulation of the argument eid as part of Parameter leads to sql injection. This vulnerability is traded as CVE-2018-17394. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of

A hacktivist collective known as Keymous+ has emerged as a significant threat actor in the global cybersecurity landscape, claiming responsibility for over 700 distributed denial-of-service (DDoS) attacks throughout 2025. The group, which identifies itself as “North African hackers,” has been actively targeting organizations across Europe, North Africa, the Middle East, and parts of Asia since […]

The post Keymous+ Hacker Group Claims 700+ DDoS Attacks Around The Globe appeared first on Cyber Security News.

A newly disclosed critical vulnerability in Wing FTP Server has been assigned CVE-2025-47812 with a maximum CVSSv4 score of 10.0, allowing unauthenticated attackers to achieve complete server control.  The vulnerability, discovered by security researcher Julien Ahrens from RCE Security, affects all versions of Wing FTP Server up to and including version 7.4.3.  Key Takeaways1. CVE-2025-47812, […]

The post Wing FTP Server Max Severe Vulnerability Let Attackers Take Full Server Control appeared first on Cyber Security News.

Huawei предлагает язык, который думает за вас.

A vulnerability was found in Microsoft Edge. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to type confusion. This vulnerability was named CVE-2025-49713. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

丹麦奥胡斯大学的一项研究发现，女性并非天生比男性更容易被婴儿晚上的哭泣声惊醒。不过女性花在夜间照顾的可能性三倍于男性。研究人员开展了两项独立研究。第一项实验针对 142 名无孩成年人，结果发现女性对非常安静的声音的反应略强于男性。对于耳语级别的声音，无论是婴儿哭声还是常见的闹钟声，女性吵醒的可能性比男性高 14%。但如果声音的响度加强，男女之间不存在显著差异。第二项研究中丹麦 117 位初为人父母的夫妇记录了他们一周内的夜间照护情况。结果显示，母亲夜间婴儿照护的可能性是父亲的三倍。研究人员认为，社会因素而非生理差异才能解释其中的差异。丹麦最近将陪产假从两周延长至十一周，可能有助于平衡父母之间的育儿责任。

A vulnerability classified as critical has been found in WebGate eDVR Manager. Affected is an unknown function. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2015-2098. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Руководство сменили — вот теперь станет безопаснее. Или нет?

Windows Shortcut (LNK) files, traditionally used for creating quick access links to applications and files, have emerged as a prominent attack vector in the cybersecurity landscape. These seemingly innocuous files, identifiable by their small arrow icon overlay, are increasingly being weaponized by threat actors to execute malicious payloads while maintaining a facade of legitimacy. The […]

The post Weaponization of LNK Files Surge by 50% and Primarily Used in Four Different Malware Categories appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, was found in Johnmccollum Com Advertising 0.25. This affects an unknown part of the file index.php. The manipulation of the argument controller leads to path traversal. This vulnerability is uniquely identified as CVE-2010-1473. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.