Aggregator

AV Killer обходит все уровни защиты, позволяя проникнуть вплоть до ядра ОС.

诚邀关注！

由于使用 Microsoft Power Pages 构建的网站中的访问控制缺失或配置错误，现在有数以百万计的敏感信息和个人数据处于公开网络的风险之中。

Расследования утечек могут попасть под уголовное наказание.

网信办周日宣布开展清朗·网络平台算法典型问题治理专项行动。这次行动将持续到 2025 年 2 月 14 日。通知称，这次专项行动的主要任务包括：深入整治“信息茧房”、诱导沉迷问题；提升榜单透明度打击操纵榜单行为；防范盲目追求利益侵害新就业形态劳动者权益；严禁利用算法实施大数据“杀熟”；增强算法向上向善服务保护网民合法权益；落实算法安全主体责任。目标是算法导向正确、公平公正、公开透明、自主可控、责任落实。

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

雷神众测拥有该文章的修改和解释权。如欲转载或传播此文章，必须保证此文章的副本，包括版权声明等全部内容。声明雷神众测允许，不得任意修改或增减此文章内容，不得以任何方式将其用于商业目的。

A vulnerability classified as critical was found in Red Hat OpenShift Container Platform 4. Affected by this vulnerability is an unknown functionality of the file /api/dev-console/proxy/internet. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-6538. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in WikiDocs up to 1.0.64. Affected is an unknown function of the component KaTeX Parser. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-53930. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenStack Neutron up to 25.0.0. It has been rated as critical. This issue affects some unknown processing of the file neutron/extensions/tagging.py of the component Policy Enforcement Handler. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2024-53916. The attack can only be initiated within the local network. There is no exploit available.

在阿塞拜疆举行的《联合国气候变化框架公约》第 29 次缔约方会议（COP29）24 日就发展中国家全球变暖对策的援助目标达成共识后闭幕。内容为到 2035 年为止，发达国家公共资金和民间资金合计每年至少提供 3000 亿美元的援助。这是目前每年 1000 亿美元援助规模的三倍。此外还要求包括发展中国家等在内的全世界的资金官民合计扩大到每年 1.3 万亿美元。为了抑制发展中国家债务增加，将设置在利用无偿提供资金等手段的同时扩大资金的机制，并敦促中国及产油国等有经济实力的发展中国家也要作出贡献。

A vulnerability was found in WPForms Plugin up to 1.9.1.5 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-7056. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Photo Gallery, Sliders, Proofing Plugin up to 3.59.4 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6393. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in YaDisk Files Plugin up to 1.2.5 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-10709. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in hardy-barth cph2_echarge_firmware up to 2.0.4 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to command injection. This vulnerability is known as CVE-2024-11665. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as critical, was found in Imager Package up to 1.024 on Perl. Affected is the function trim. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2024-53901. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in YaDisk Files Plugin up to 1.2.5 on WordPress. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-10710. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in hardy-barth cph2_echarge_firmware up to 2.0.4. This vulnerability affects unknown code. The manipulation leads to insufficient verification of data authenticity. This vulnerability was named CVE-2024-11666. The attack can be initiated remotely. There is no exploit available.