Aggregator

A critical authentication bypass flaw in CrushFTP is under active exploitation following a mishandled disclosure process

Alleged Database Sale of SendGrid: Nearly 850,000 Customer and Corporate Records Offered for $2,000

A vulnerability has been found in Apple tvOS up to 12.1.1 and classified as critical. This vulnerability affects unknown code of the component WebKit. The manipulation leads to incorrect type conversion. This vulnerability was named CVE-2019-6215. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Alleged Sale of Naturgy Energy Group Customer Database: 2.5 Million Records Exposed on Breach Forums

Bad Apple: Chinese firm banned by the U.S. is the shady entity behind a clutch of free VPN apps—with over a million downloads.

The post App Stores OK’ed VPNs Run by China PLA appeared first on Security Boulevard.

A cascading supply chain attack on GitHub that targeted Coinbase in March has now been traced back to a single token stolen from a SpotBugs workflow, which allowed a threat actor to compromise multiple GitHub projects. [...]

小行星 2024 YR4 不太可能在 2032 年 12 月 22 日撞击地球，但更有可能撞击月球。NASA 利用韦伯太空望远镜的红外线观测数据，更新了对 小行星 2024 YR4 大小估计。最新结果显示，2024 YR4 的直径约为 53 至 67 米，约相当于一栋 10 层楼高的建筑物。NASA 同时更新了 2024 YR4 未来可能撞击月球的机率。原先评估撞击月球的机率为 1.7%，最新数据已将此数值上调至 3.8%。尽管如此，仍有高达 96.2% 的机率显示这颗小行星将擦过月球，不会发生撞击。即便发生极少数机率下的撞击事件，也不会对月球的轨道造成任何实质影响。随着小行星逐渐远离地球，到了 4 月中旬之后，地面望远镜将难以继续追踪 2024 YR4。韦伯太空望远镜已计划于 5 月再度观测这颗小行星，持续监测其动态并进一步确认其轨道参数。

A vulnerability was found in ED01-CMS 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-30890. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file stepselect_main.php. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-29660. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in dfir-iris iris-web up to 2.4.5. It has been classified as problematic. This affects an unknown part of the component Template Handler. The manipulation leads to improper neutralization of special elements used in a template engine. This vulnerability is uniquely identified as CVE-2024-25624. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 16.9.5/16.10.3/16.11.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Bitbucket Credentials Handler. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-4024. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in MeterSphere up to 2.10.13-lts and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-32467. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in BigBlueButton Greenlight up to 2.12.x and classified as problematic. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument return_to leads to open redirect. This vulnerability is handled as CVE-2022-36029. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in BigBlueButton Greenlight up to 2.12.x. It has been classified as problematic. This affects an unknown part of the component Login Page. The manipulation of the argument return_to leads to open redirect. This vulnerability is uniquely identified as CVE-2022-36028. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in TWCMS 2.6 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-31574. The attack can be initiated remotely. There is no exploit available.

欧洲改革中心（英国）2025年3月28日发布文章《唐纳德·特朗普（Donald Trumps）返回办公室：十个后果》

欧洲改革中心（英国）2025年3月28日发布文章《唐纳德·特朗普（Donald Trumps）返回办公室：十个后果》

欧洲改革中心（英国）2025年3月28日发布文章《唐纳德·特朗普（Donald Trumps）返回办公室：十个后果》