Aggregator

Наука на пути к изобретению лекарства от Альцгеймера?

A vulnerability classified as critical has been found in Lenovo Service Bridge 4/4.1.0.1. Affected is an unknown function. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-4696. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mozilla Firefox up to 126 on iOS. This vulnerability affects unknown code of the component Private Tab Handler. The manipulation leads to improper access controls. This vulnerability was named CVE-2024-38312. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in GUnet OpenEclass E-Learning Platform up to 3.15. This issue affects some unknown processing of the component Badge Template Edit Handler. The manipulation of the argument title/description leads to cross site scripting. The identification of this vulnerability is CVE-2024-33253. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Dropbox Desktop 198.4.7615 and classified as very critical. This vulnerability affects unknown code of the component Folder Sharing. The manipulation leads to protection mechanism failure. This vulnerability was named CVE-2024-5924. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Mozilla Firefox up to 126 on iOS. It has been classified as problematic. Affected is an unknown function of the component URL Handler. The manipulation leads to clickjacking. This vulnerability is traded as CVE-2024-38313. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Autodesk AutoCAD. It has been rated as critical. This issue affects some unknown processing of the component MODEL File Parser. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-23142. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /product.php. The manipulation of the argument artname leads to cross site scripting. This vulnerability is traded as CVE-2025-2645. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument contactnumber leads to sql injection. This vulnerability is known as CVE-2025-2646. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /search.php. The manipulation of the argument Search leads to sql injection. This vulnerability is handled as CVE-2025-2647. The attack may be launched remotely. Furthermore, there is an exploit available.

Gundaz Aghayev 写道: 俄罗斯政府机构 Roskomnadzor 下属的“互联网监控和控制中心” (CMU SSOP) 去年 11 月指责 Cloudflare 部署 Encrypted Client Hello 侵害了各国网络主权，并有效地阻止了其 ECH 连接。在“主权互联网法案”授权之下，他们持续干扰西方科技公司在俄运作，Google 和 Wikipedia 已经“夹着尾巴逃跑了”，接下来是 Cloudflare。
先演习一下，这次在部分地区完全切断 Cloudflare，起初是中部的、与哈萨克斯坦接壤的新西伯利亚州。后来，不同 ISP 和地区的封锁有差异，大体上集中在俄罗斯中部和东部地区，该国的欧洲部分不受影响。用户报告所有使用了 Cloudflare CDN 的网站，都无法被打开。包括邻国的 DeepSeek、测速站 Speedtest、w3.org，以及臭打游戏的们的 Discord、EA、Nexus mods、VRChat。Cloudflare Radar 显示部分 ISP，比如 ZSTTKAS（AS21127）的 HTTP 流量接近清零。
“演习”结束，DeepSeek 率先被解封。这期间一名用户声称使用 chat.deepseek.com 作为 TLS hello，Discord 聊天就能“迅速打开”。本人推测这并不是已被 Cloudflare 禁止的域前置：封锁和解封与否是基于 IP 地址，而不是 HTTPS SNI。
可能的关联是：Roskomnadzor 在本月 20 日说要“对俄罗斯服务和电信运营商使用外国服务器基础设施进行定期技术检查”、以及“研究在确保网络主权的框架内制定改善上述服务的稳定性和安全性的措施”。不过本人看不出来封锁 IP 地址、导致俄国人上不去使用 Cloudflare CDN 的网站是如何改善稳定和安全的。
Cloudflare Status 记录了此次短暂封锁，现在其已被标记为“解决”。

Как китайскому автогиганту удалось обогнать Tesla на годы.

关键词数据泄露一个名为“rose87168”的威胁行为者声称从 Oracle 云服务器窃取了 600 万条记录

关键词零日漏洞俄罗斯漏洞经纪公司 Operation Zero 已公开宣布为 Telegram 零日漏洞提供高

关键词个人信息“开盒”是互联网中一种隐秘而危险的黑产，源于贴吧文化，类似于人肉搜索。

Currently trending CVE - Hype Score: 1 - IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.

Какие меры против нелегальных трансляций примет техногигант?

Name: FooBar CTF 2025 (an FooBarCTF event.)
Date: March 22, 2025, 6:30 a.m. — 23 March 2025, 06:30 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://foobarctf.nitdgplug.org/
Rating weight: 35.73
Event organizers: Alchemists of Kernel

A vulnerability classified as critical has been found in Autodesk AutoCAD. Affected is an unknown function of the component STEP File Parsing. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-23147. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Autodesk AutoCAD and classified as critical. This vulnerability affects unknown code of the component X_B File Parser. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2024-23143. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.