Aggregator

Currently trending CVE - Hype Score: 38

Currently trending CVE - Hype Score: 1 - Craft is a content management system. Versions of Craft CMS on the 4.x branch prior to 4.14.13 and on the 5.x branch prior to 5.6.16 contains a potential remote code execution vulnerability via Twig SSTI. One must have administrator access and `ALLOW_ADMIN_CHANGES` must be ...

Currently trending CVE - Hype Score: 1 - A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to corrupt ...

Currently trending CVE - Hype Score: 1 - The issue was addressed with improved memory handling. This issue is fixed in AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126, CarPlay Communication Plug-in R18.1. An attacker on the local network may cause an unexpected app termination.

Currently trending CVE - Hype Score: 51 - Microsoft Outlook Remote Code Execution Vulnerability

Currently trending CVE - Hype Score: 1 - The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to path traversal vulnerability that can result in Remote Code Execution via malicious ...

Currently trending CVE - Hype Score: 59 - Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.

Currently trending CVE - Hype Score: 29 - Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

Currently trending CVE - Hype Score: 24 - An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned ...

速修复

速检查

近日，绿盟科技CERT监测到Elastic发布安全公告，修复了Elastic Kibana原型污染致任意代码执行漏洞（CVE-2025-25014），CVSS评分9.1，请相关用户尽快采取措施进行防护。

速修复

速检查

近日，绿盟科技CERT监测到Elastic发布安全公告，修复了Elastic Kibana原型污染致任意代码执行漏洞（CVE-2025-25014），CVSS评分9.1，请相关用户尽快采取措施进行防护。

苹果服务部门高级副总裁 Eddy Cue 在 Google 搜索反垄断案件中作证时表示，由于用户越来越多地使用 AI，上个月苹果 Safari 浏览器上的搜索量首次下降。AI 搜索引擎最终将取代 Google 等标准搜索引擎，他希望未来在苹果的 Safari 浏览器中添加 OpenAI、Perplexity 和 Anthropic 的 AI 服务作为搜索选项。不过他补充说，他认为 Google 仍应是默认选项。该消息导致 Alphabet 市值蒸发约 1500 亿美元。Google 官方博客发表声明，对 Eddy Cue 的说法提出了异议，称来自苹果平台的搜索查询量在继续增长。

The UK government unveiled two new assessment schemes to boost confidence in the security of products and services during CYBERUK

个体对气候的影响是不平等的。根据发表在《Nature Climate Change》期刊上的一项研究，三分之二全球暖化是最富有 10% 人口造成的，这些人对全球暖化的贡献是平均水平的 6.5 倍，而最富有 1% 人口和 0.1% 人口的贡献分别是平均水平的 20 倍和 76 倍。对于极端事件，最富有 10% 人口对全球每月百年一遇极端高温事件增加的贡献是平均水平的 7 倍，对亚马逊干旱的贡献是平均水平的 6 倍。美国和中国最富有 10% 人口的排放导致脆弱地区的极端高温事件增加了两到三倍。

看雪论坛作者ID：0xEEEE

适合新手入门