Aggregator

A vulnerability classified as critical was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This vulnerability affects unknown code of the file /patient-report.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability was named CVE-2025-29640. The attack can be initiated remotely. There is no exploit available.

Виноват файл, на который вы даже не нажали.

布隆伯格(Michael Bloomberg)认为，过去二十年美国学区花了数十亿美元为教室配备笔记本电脑，然而学生的基本技能却下降了。目前有约九成的美国学校为学生提供​​了笔电，但学生的考试成绩则徘徊在历史最低点——只有 28% 的八年级学生熟练掌握数学，30% 的八年级学生熟练掌握阅读。研究证实，传统方法——在纸上阅读和写作——仍然优于基于屏幕的方法。设备会分散学生的注意力，研究表明，非学习活动后需要长达 20 分钟的时间才能重新集中注意力。布隆伯格建议学校重新考虑课堂电脑政策，呼吁学校重新使用书本和笔，而不是笔记本电脑和平板电脑。

Linux 6.14 возвращает старую логику планировщика задач.

A vulnerability, which was classified as problematic, was found in FlowiseAI Flowise up to 1.4.3. This affects an unknown part of the file /api/v1/public-chatflows/id of the component 404 Page. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-36423. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Easy Google Maps Plugin up to 1.11.15 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-5219. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Post Grid Plugin up to 7.7.1 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Title Tag Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-1427. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in FFmpeg 7.0. It has been rated as critical. Affected by this issue is the function copy_column of the file libavfilter/vf_tiltandshift.c. The manipulation leads to heap-based buffer overflow. This vulnerability is handled as CVE-2024-32229. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in CocoaPods. This affects an unknown part. The manipulation leads to exposure of data element to wrong session. This vulnerability is uniquely identified as CVE-2024-38367. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in FFmpeg 7.0. This vulnerability affects the function hevc_frame_end of the file libavcodec/hevcdec.c. The manipulation leads to buffer overflow. This vulnerability was named CVE-2024-32228. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in FFmpeg 7.0 and classified as critical. Affected by this issue is the function load_input_picture of the file libavcodec/mpegvideo_enc.c. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-32230. The attack may be launched remotely. There is no exploit available.

英伟达一年一度的开发者大会 GTC 于 3 月 21 日闭幕，这次会议凸显了中美 AI 加速分裂。在 GTC 会场上，阿里巴巴和腾讯展示了 AI 研究成果。在线上，包括百度在内的多家中国企业，以及英伟达的华人员工，还专门举行了一场全程仅用中文交流的讨论会。英伟达 CEO 黄仁勋被问及中美对立的影响时回答：“据我观察，全球 AI 研究人员中有一半来自中国。在所有美国的 AI 研究所中，优秀的中国研究人员数量众多，绝无例外”。对于英伟达来说，如果分裂进一步加剧，其收益对美国的“依赖”可能会增强。自美国政府加强管制以来，中国市场销售额的占比一直在降低。从英伟达的中国销售额在总销售额中的占比来看，2024 财年（截至2025年1月）为总体的 13%，比 2021 财年减少了一半。

Speaker: Mishaal Khan

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite []DEF CON 32]2 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Recon Village – GeoINT Mastery: A Pixel Is Worth A Thousand Words appeared first on Security Boulevard.

浙江大学赵保丹及其同事在《自然》期刊上发表论文，报告创造出最小的 LED 显示屏，其像素宽度不到 100 微米，大约相当于人类头发的宽度。研究人员还能制造出更小的 LED，其像素宽度为 90 纳米——差不多病毒的大小，连最强大的光学显微镜也难以分辨。研究人员使用了钙钛矿制造 LED 半导体，赵保丹称，她们的实验表明，钙钛矿 LED 在极小的尺寸下仍能保持合理的效率，比传统 LED 更具优势。

A vulnerability was found in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3 and classified as critical. This issue affects some unknown processing of the component URL Handler. The manipulation leads to path traversal: '/../filedir'. The identification of this vulnerability is CVE-2024-41765. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3. It has been classified as critical. Affected is an unknown function. The manipulation leads to missing standardized error handling mechanism. This vulnerability is traded as CVE-2024-41768. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-41767. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to risky cryptographic algorithm. This vulnerability is handled as CVE-2024-41763. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in IBM Engineering Lifecycle Optimization Publishing 7.0.2/7.0.3. This affects an unknown part. The manipulation leads to inefficient regular expression complexity. This vulnerability is uniquely identified as CVE-2024-41766. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.