Aggregator

A vulnerability, which was classified as critical, has been found in Macromedia Flash Player up to 5.0.30. This issue affects the function exec of the component SWF File Handler. The manipulation leads to improper privilege management. The identification of this vulnerability is CVE-2002-0477. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Композиторы и продюсеры объявили войну искусственному интеллекту: кто победит?

斯坦福研究员 Marietje Schaake 认为，除了能运用其巨大的经济实力外，科技公司开始扮演通常保留给政府的角色，在此过程中破坏了民主法治。在数字领域，私企对信息的控制、不受约束的代理能力和行动权几乎超过了政府。以网络安全为例，NSO Group Technologies 等私企开发的商业间谍软件让任何有财力的人都能获得情报服务能力，可用于入侵政治对手、法官、记者、重要员工、竞争对手等的智能手机窃取非常私密的情报。不只是科技巨头，小型科技公司也通过数字技术的发展而掌握了实际权力。这些能力、决策和权力曾专属于国家，现在正渗透到私营公司的手中，但不受约束，缺乏法治社会的权力制衡。

Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol. "A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may

A vulnerability classified as critical has been found in espeak-ruby Gem up to 1.0.2 on Ruby. This affects the function speak/save/bytes/bytes_wav in the library lib/espeak/speech.rb. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2016-10193. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Google has released several security patches for its Chrome browser, addressing critical vulnerabilities that malicious actors could exploit. The update is now available on the Stable channel, with version 130.0.6723.69/.70 for Windows and Mac and version 130.0.6723.69 for Linux. The rollout is expected to reach users over the coming days and weeks.  The Extended Stable […]

The post Google Patches Multiple Chrome Security Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The identification of this vulnerability is CVE-2024-10331. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in Arcadyan FMIMG51AX000J. This vulnerability affects unknown code of the component Alliance Wi-Fi Test Suite. The manipulation leads to command injection. This vulnerability was named CVE-2024-41992. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Submit #427426 / VDB-281675

A vulnerability classified as critical has been found in Red Hat 3scale API Management Platform 2. This affects an unknown part of the component APICast. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-10295. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in WP Recipe Maker Plugin up to 9.6.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument tooltip leads to cross site scripting. This vulnerability is handled as CVE-2024-9650. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Compact WP Audio Player Plugin up to 1.9.13 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function sc_embed_player of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-10176. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Contact Form 7 Plugin up to 2.0.1 on WordPress. It has been classified as problematic. Affected is the function field_group of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10180. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Extra Product Options Builder for WooCommerce Plugin up to 1.2.133 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-9214. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in WP Adminify Plugin up to 4.0.1.6 on WordPress and classified as problematic. This vulnerability affects unknown code of the component SVG File Upload. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-8959. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in One Identity Safeguard for Privileged Sessions On Premise up to 7.0.5.0/7.5.0. This affects an unknown part of the component RDP. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-40595. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Ученые выяснили, как ИИ оценивает риск повторных преступлений.

知名手表厂商卡西欧遭勒索攻击，系统瘫痪且恢复无进展，公司运营受到极大影响，交付严重延迟，财报也推迟了约一周发布。

lattice的HNP问题（从理论到实践）

2024源鲁杯round1-crypto题解