科学家称美国能源部的气候报告充斥着错误
数十名科学家联署驳斥了美国能源部的气候报告,认为报告充斥着错误。报告声称二氧化碳浓度上升能给美国农业带来“净收益”,但忽视了高温以及气候变化引发的极端天气事件对农作物的负面影响。特朗普任命的美国新能源部长 Chris Wright 是知名的气候变化否定论者,他也是一位前化石能源公司高管——他担任过美国第二大水力压裂油服公司 Liberty Energy CEO。他公开表示过,“气候危机并不存在,我们也没有处于能源转型之中”。
Aggregator
PoC Exploit Released for IIS WebDeploy Remote Code Execution Vulnerability
6 days 6 hours ago
A proof-of-concept exploit for CVE-2025-53772, a critical remote code execution vulnerability in Microsoft’s IIS Web Deploy (msdeploy) tool, was published this week, raising urgent alarms across the .NET and DevOps communities. The flaw resides in the unsafe deserialization of HTTP header contents in both the msdeployagentservice and msdeploy.axd endpoints, enabling authenticated attackers to execute arbitrary code on target […]
The post PoC Exploit Released for IIS WebDeploy Remote Code Execution Vulnerability appeared first on Cyber Security News.
Florence Nightingale
The New Threat to Android: Why Malware Droppers Are Getting Smarter
6 days 6 hours ago
Low-profile droppers, long considered auxiliary tools in the arsenals of Android banking trojans and RATs, are undergoing a
The post The New Threat to Android: Why Malware Droppers Are Getting Smarter appeared first on Penetration Testing Tools.
ddos
HelloGookie / Kraken Forum Emergence and Data Leak Activity
6 days 6 hours ago
You must login to view this content
cohenido
Warning: Fake npm Package Hijacks Crypto Wallets
6 days 6 hours ago
Researchers at Socket have uncovered a malicious npm package named nodejs-smtp, masquerading as the widely used nodemailer library
The post Warning: Fake npm Package Hijacks Crypto Wallets appeared first on Penetration Testing Tools.
ddos
Salesloft Breach Triggers Global Threat Cascade
6 days 6 hours ago
A large-scale theft of authentication tokens from Salesloft, developer of the corporate chatbot platform, has triggered a chain
The post Salesloft Breach Triggers Global Threat Cascade appeared first on Penetration Testing Tools.
ddos
清洁公司CleanCore任命马斯克律师为董事会主席 决定投资狗狗币后股价暴跌60%
6 days 6 hours ago
埃隆·马斯克的律师亚历克斯·斯皮罗成为CleanCore董事会主席后,决定投资1.75亿美元购买狗狗币。然而,这一决定导致CleanCore股价暴跌60%,投资者对狗狗币的前景并不看好。
Robot Takeover? Critical Flaw in Pudu Robots Exposed
6 days 6 hours ago
A security researcher uncovered critical vulnerabilities in the admin panel of Pudu Robotics, China’s largest supplier of commercial
The post Robot Takeover? Critical Flaw in Pudu Robots Exposed appeared first on Penetration Testing Tools.
ddos
CVE-2005-1095 | Ocean12 Technologies Membership Manager Pro 1.x main.asp page cross site scripting (EDB-25354 / XFDB-20014)
6 days 7 hours ago
A vulnerability marked as problematic has been reported in Ocean12 Technologies Membership Manager Pro 1.x. This impacts an unknown function of the file main.asp. This manipulation of the argument page causes basic cross site scripting.
This vulnerability is tracked as CVE-2005-1095. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2005-1223 | Ocean12 Technologies Calendar Manager Pro 1.01 sql injection (EDB-25469 / XFDB-20174)
6 days 7 hours ago
A vulnerability was found in Ocean12 Technologies Calendar Manager Pro 1.01. It has been rated as critical. Affected by this issue is some unknown functionality. Performing manipulation results in sql injection.
This vulnerability is reported as CVE-2005-1223. The attack is possible to be carried out remotely. Moreover, an exploit is present.
vuldb.com
CVE-2005-1610 | Tru-Zone NukeET 3.0/3.1 security.php Codigo cross site scripting (EDB-25642 / XFDB-20540)
6 days 7 hours ago
A vulnerability, which was classified as problematic, was found in Tru-Zone NukeET 3.0/3.1. This issue affects some unknown processing of the file security.php. Executing manipulation of the argument Codigo can lead to basic cross site scripting.
This vulnerability is handled as CVE-2005-1610. The attack can be executed remotely. Additionally, an exploit exists.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2005-3394 | oaboard forum 1.0 forum.php topic sql injection (EDB-26441 / XFDB-22932)
6 days 7 hours ago
A vulnerability has been found in oaboard forum 1.0 and classified as critical. This affects an unknown part of the file forum.php. This manipulation of the argument topic causes sql injection.
This vulnerability appears as CVE-2005-3394. The attack may be initiated remotely. In addition, an exploit is available.
vuldb.com
CVE-2005-3932 | O-Kiraku Nikki up to 1.3 okiraku.php day_id sql injection (EDB-26683 / BID-15657)
6 days 7 hours ago
A vulnerability categorized as critical has been discovered in O-Kiraku Nikki up to 1.3. The impacted element is an unknown function of the file okiraku.php. The manipulation of the argument day_id results in sql injection.
This vulnerability is known as CVE-2005-3932. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
CVE-2005-1637 | NPDS 4.8/5.0 comments.php thold sql injection (EDB-25671 / ID 1013973)
6 days 7 hours ago
A vulnerability described as critical has been identified in NPDS 4.8/5.0. The affected element is an unknown function of the file comments.php. Executing manipulation of the argument thold can lead to sql injection.
This vulnerability is registered as CVE-2005-1637. It is possible to launch the attack remotely. Furthermore, an exploit is available.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2005-3305 | Nuked-Klan 1.7 Links dl_id sql injection (EDB-26388 / XFDB-22847)
6 days 7 hours ago
A vulnerability was found in Nuked-Klan 1.7 and classified as critical. The impacted element is an unknown function of the component Links. Such manipulation of the argument dl_id leads to sql injection.
This vulnerability is referenced as CVE-2005-3305. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
Beware: Fake PDF Editor Spreads Dangerous Infostealer via Google Ads
6 days 7 hours ago
Experts at Truesec have reported a large-scale malicious campaign in which attackers promoted a fake PDF-editing application, AppSuite
The post Beware: Fake PDF Editor Spreads Dangerous Infostealer via Google Ads appeared first on Penetration Testing Tools.
ddos
CVE-2005-1804 | Net Portal Dynamic System 5.0 glossaire.php Query sql injection (EDB-25749 / ID 1014073)
6 days 7 hours ago
A vulnerability was found in Net Portal Dynamic System 5.0. It has been classified as critical. The impacted element is an unknown function of the file glossaire.php. The manipulation of the argument Query leads to sql injection.
This vulnerability is listed as CVE-2005-1804. The attack may be initiated remotely. In addition, an exploit is available.
Applying a patch is the recommended action to fix this issue.
vuldb.com
CVE-2025-37992 | Linux Kernel up to 5.15.183/6.1.139/6.6.91/6.12.29/6.14.7 net_sched change null pointer dereference (EUVD-2025-16871 / Nessus ID 240309)
6 days 7 hours ago
A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.15.183/6.1.139/6.6.91/6.12.29/6.14.7. This affects the function Change of the component net_sched. Executing manipulation can lead to null pointer dereference.
This vulnerability appears as CVE-2025-37992. The attacker needs to be present on the local network. There is no available exploit.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2025-8114 | libssh Key Exchange null pointer dereference (EUVD-2025-22513 / WID-SEC-2025-1640)
6 days 7 hours ago
A vulnerability identified as problematic has been detected in libssh. This affects an unknown function of the component Key Exchange Handler. The manipulation leads to null pointer dereference.
This vulnerability is documented as CVE-2025-8114. The attack needs to be performed locally. There is not any exploit available.
vuldb.com
CVE-2025-8058 | GNU C Library up to 2.41 regcomp double free (EUVD-2025-22469 / Nessus ID 242875)
6 days 7 hours ago
A vulnerability categorized as problematic has been discovered in GNU C Library up to 2.41. The affected element is the function regcomp. Such manipulation leads to double free.
This vulnerability is traded as CVE-2025-8058. An attack has to be approached locally. There is no exploit available.
It is advisable to upgrade the affected component.
vuldb.com