Aggregator

A vulnerability, which was classified as problematic, has been found in ELLIOTT Net::Xero up to 0.44 on Perl. This issue affects the function Data::random. The manipulation leads to cryptographically weak prng. The identification of this vulnerability is CVE-2024-56370. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in ChainMaker chainmaker-go up to 2.3.5. This vulnerability affects unknown code of the component Node Configuration Handler. The manipulation leads to incorrect synchronization. This vulnerability was named CVE-2024-58132. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in FISCO-BCOS FISCO BCOS 3.11.0. This affects an unknown part. The manipulation of the argument min_seal_time leads to incorrect synchronization. This vulnerability is uniquely identified as CVE-2024-58131. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Zammad up to 6.4.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Two Factor Authentication. The manipulation leads to client-side enforcement of server-side security. This vulnerability is handled as CVE-2025-32359. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Microsoft Outlook will enforce stricter authentication requirements for high-volume senders, impacting domains that send over 5,000 emails daily. These changes, which will take effect on May 5, 2025, aim to enhance inbox protection and maintain trust in digital communication. Outlook’s updated policy will mandate compliance with SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and […]

The post Microsoft Strengthens Outlook’s Email Ecosystem to Protect Inboxes appeared first on Cyber Security News.

Currently trending CVE - Hype Score: 10 - A vulnerability in the TP-Link WR840N v6 router with firmware version 0.9.1 4.16 and earlier permits unauthorized individuals to bypass the authentication of some interfaces under the /cgi directory.When adding Referer: http://tplinkwifi.net to the the request, it will be ...

Currently trending CVE - Hype Score: 1 - There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame ...

Currently trending CVE - Hype Score: 9 - Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.

Llama 4 Scout 17B Instruct is now available on Workers AI: use this multimodal, Mixture of Experts AI model on Cloudflare's serverless AI platform to build next-gen AI applications.

Linux靶机，通过抓包实现LFI漏洞利用，ffuf扫描子域名拿到dev，访问得到gitea库，源码泄露路径及数据库信息，查找版本号默认配置路径，结合靶机实际环境拼接语句读取，下载数据库文件，利用sqlite3读取，拿到账号密码加密值，利用工具/脚本爆破即可，登录发现泄露的.sh文件，读取内容关键信息，利用版本号查找cve漏洞，修改利用方法读取root.txt靶机信息一、信息收集靶机ip：10.1

什么是 php session什么是session？其实就是服务器为了保存用户状态而创建的一个保存用户信息的特殊对象，是存储在服务端的，有session那肯定就有sessionid了，他是怎么来的？当我们浏览器第一次访问服务器时，服务器创建一个session对象并且该对象有一个唯一的id,叫做sessionId,服务器会将sessionid以cookie的方式发送给浏览器，当浏览器再次访问服务器时

恶意工具滥用WooCommerce API，3.4万次下载验证盗刷信用卡！

VortexCrypt勒索病毒样本分析

A vulnerability was found in Exclusive Addons for Elementor Plugin up to 2.6.9.2 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component InfoBox. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2751. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Real Media Library Plugin up to 4.22.11 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-2328. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Enhanced Media Library Plugin up to 2.8.9 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-2840. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Combodo iTop up to 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Query Handler. The manipulation of the argument friendlyname leads to cross site scripting. This vulnerability is handled as CVE-2023-43790. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.