Aggregator

A vulnerability has been found in QNAP QTS and QuTS hero and classified as critical. Affected by this vulnerability is an unknown functionality. Performing manipulation results in crlf injection. This vulnerability is cataloged as CVE-2024-48868. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in QNAP QTS and QuTS hero and classified as critical. Affected by this issue is some unknown functionality. Executing manipulation can lead to os command injection. This vulnerability is registered as CVE-2024-50393. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability was found in QNAP QTS and QuTS hero. It has been classified as critical. This affects an unknown part. The manipulation leads to format string. This vulnerability is documented as CVE-2024-50402. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in QNAP QTS and QuTS hero. It has been declared as critical. This vulnerability affects unknown code. The manipulation results in link following. This vulnerability is reported as CVE-2024-53691. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in QNAP QTS and QuTS hero. It has been rated as critical. This issue affects some unknown processing. This manipulation causes format string. This vulnerability appears as CVE-2024-50403. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, was found in QNAP QTS and QuTS hero. This affects an unknown part. Executing manipulation can lead to improper certificate validation. This vulnerability is tracked as CVE-2024-48865. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

根据发表在《Psychology & Health》期刊上的一项研究，驱动人的大部分行为是习惯而不是有意识的选择。习惯就是根据我们所学以及通常反应在日常环境中被自动提示去做的行为。研究发现，人的日常行为有 65% 是出于习惯而自动进行的。研究还发现，46% 的行为是由习惯以及与相一致的有意识意图触发的，表明人们养成了有助于实现个人目标的习惯，且经常会打破与之冲突的习惯。在这项研究中，研究人员在一周内每天向 105 名参与者的手机发送六个随机提示，要求他们描述目前正在做的事，以及是出于习惯还是有意为之。研究人员称，人们喜欢认为自己是理性的决策者，会在行动前仔细思考。但事实上许多重复行为极少是预先思考的，而是由习惯自动产生的。锻炼也能靠习惯推动，但相比其它行为，它无法完全靠自动实现。

Alleged data leak of classified Algerian eSIM Policy Directive

Hong Kong outlets of the convenience store chain Circle K experienced outages to e-payments other technology after a "network disruption." The company said it could not rule out a cyberattack.

该计划中的技术本身具有潜在的两用性，这是所有前沿生物技术的共性。例如，基因编辑技术（如CRISPR-Cas9）既能用于治疗遗传病，也可能被滥用于设计具有特定危害性的病原体。需要警惕美军已防御为名开展生物武器研究。

Discover how CIS Benchmarks and CIS Controls help energy and utility companies strengthen cybersecurity across IT and OT environments.

Discover how CIS Benchmarks and CIS Controls help energy and utility companies strengthen cybersecurity across IT and OT environments.

A vulnerability was found in WSO2 API Manager, API Control Plane, Universal Gateway, Traffic Manager and Carbon API Management API. It has been declared as problematic. Affected is an unknown function. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-4760. The attack can be launched remotely. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Salesforce CLI on Windows. It has been classified as problematic. This impacts an unknown function. The manipulation leads to uncontrolled search path. This vulnerability is documented as CVE-2025-9844. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in TalentSys Inka.Net up to 6.7.0 and classified as critical. This affects an unknown function. Executing manipulation can lead to unrestricted upload. This vulnerability is registered as CVE-2025-9846. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in huggingface transformers up to 4.52.x and classified as problematic. The impacted element is the function _do_use_weight_decay. Performing manipulation results in resource consumption. This vulnerability is cataloged as CVE-2025-6921. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

CISA has revealed that attackers breached the network of an unnamed U.S. federal civilian executive branch (FCEB) agency last year after compromising an unpatched GeoServer instance. [...]

A vulnerability, which was classified as critical, was found in Autodesk Revit up to 2026.2. The affected element is an unknown function of the component RFA File Parser. Such manipulation leads to type confusion. This vulnerability is listed as CVE-2025-8354. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in OnePlus OxygenOS 12.x/13.x/14.x/15.x. Impacted is an unknown function of the component Multi-Factor Authentication. This manipulation causes missing authorization. This vulnerability is tracked as CVE-2025-10184. The attack is restricted to local execution. No exploit exists.

Методичность стала главным оружием Nimbus Manticore.