Aggregator

悬镜安全作为《报告》主要参编单位，凭借在信创产业卓越贡献，斩获网信自主创新尖锋榜“金风帆奖”。

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

Один неожиданный ход обещает очистить веб от лишнего шума.

悬镜安全作为《报告》主要参编单位，凭借在信创产业卓越贡献，斩获网信自主创新尖锋榜“金风帆奖”。

A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/search-pass.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is handled as CVE-2025-4039. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component Ticket Reservation. The manipulation of the argument Name leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-4038. Attacking locally is a requirement. Furthermore, there is an exploit available.

日本三菱重工业宣布将于 6 月 24 日在鹿儿岛县种子岛宇宙中心发射 H2A 的 50 号机。这是最后一枚该型号火箭。预定发射时间为凌晨1点33分至1点52分，备用窗口期为6月25日至7月31日。火箭将搭载日本“温室气体和水循环观测技术卫星”（GOSAT-GW）。H2A 火箭是由日本宇宙航空研究开发机构（JAXA）与三菱重工联合开发的两级液体燃料火箭，2001 年以来的49 次发射中有 48 次取得成功，成功率约 98%，具有很高的可靠性。5 0号机发射后，日本的主力火箭将由 2023年投入使用的“H3”接棒。

不久之前，在美国科技行业工作还意味着薪水丰厚工作有保障。如今科技业的工作和其它行业没什么区别，员工还担心被裁员，他们的工作时间更长，薪水基本不变，但职责越来越多。员工发现自己在同时做被解雇同事的工作。一部分人被解雇后又被返聘，但返聘的职位没有加薪的资格也没有股票激励。如果要求加薪他们可能会被再次解雇。科技行业的资深员工表示，他们觉得自己已经不认识自己工作的公司了。管理层致力于实现华尔街预期的业绩。科技巨头的营收强劲，但正将大量资源投入到昂贵的 AI 基础设施建设中，给现金流带来了压力。Meta一位被返聘的员工被归类为“短期员工”。合同可续签，但没有绩效加薪、晋升或股票，她现在的工作量过去通常由几个人分摊。公司将这种额外的工作责任称之为“敏捷性”。根据 Layoffs.fyi 的统计数据，2025 年逾超 100 家公司的逾 5 万名员工被解雇。科技行业的从业者和其它行业的员工一样处于痛苦状况中。

A security researcher has uncovered a critical vulnerability in iOS, Apple’s flagship mobile operating system. The flaw, CVE-2025-24091, which leverages the long-standing but little-known “Darwin notification” system, allows any app-including those confined by Apple’s usually strict sandbox restrictions push the entire device into an inescapable “restore in progress” state with a single line of code. […]

The post New iOS Vulnerability Could Brick iPhones with Just One Line of Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic errors. This vulnerability is traded as CVE-2025-4037. Local access is required to approach this attack. Furthermore, there is an exploit available.

Submit #559345 / VDB-306404

A vulnerability was found in 201206030 Novel 3.5.0 and classified as critical. This issue affects the function updateBookChapter of the file src/main/java/io/github/xxyopen/novel/controller/author/AuthorController.java of the component Chapter Handler. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2025-4036. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #559344 / VDB-306403

Submit #559331 / VDB-298902

Submit #559303 / VDB-306402

A vulnerability has been found in Taxonomy Tag, Category, and Taxonomy Manager Plugin up to 3.29.x on WordPress and classified as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-0627. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in WP-Recall Plugin up to 16.26.11 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-9771. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in wpase Admin and Site Enhancements Plugin up to 7.6.9 on WordPress. Affected by this issue is some unknown functionality of the component Password Protect Handler. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-13688. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #558414 / VDB-306401

Свежий релиз операционной системы расширяет возможности как для серверов, так и для рабочих станций.