Aggregator

株式会社クオリティアが提供するActive! mailには、複数の脆弱性が存在します。

A vulnerability has been found in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N and DSR-1000N up to 3.17B901C and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2024-57376. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Redaxo CMS up to 5.18.2. It has been declared as problematic. This vulnerability affects unknown code of the component AddOns Page. The manipulation of the argument rex-api-result leads to cross site scripting. This vulnerability was named CVE-2025-27412. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Redaxo CMS up to 5.18.2. Affected by this issue is some unknown functionality of the component Mediapool Page. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-27411. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Dell Wyse Proprietary OS up to 2411. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to command injection. This vulnerability is known as CVE-2025-26331. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in nhairs python-json-logger up to 3.2.x. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to inclusion of functionality from untrusted control sphere. This vulnerability was named CVE-2025-27607. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Dell Wyse Proprietary OS up to 2408. This affects an unknown part. The manipulation leads to incorrect permission assignment. This vulnerability is uniquely identified as CVE-2025-27688. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in vllm up to 0.7.1. It has been declared as problematic. Affected by this vulnerability is the function hash. The manipulation of the argument constant leads to improper validation of integrity check value. This vulnerability is known as CVE-2025-25183. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in PublicCMS 4.0.202406. Affected by this issue is some unknown functionality of the file /cms/CmsWebFileAdminController.java of the component File Handler. The manipulation leads to unrestricted upload. This vulnerability is handled as CVE-2025-25361. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Microsoft Visual Studio. This issue affects some unknown processing. The manipulation leads to uncontrolled search path. The identification of this vulnerability is CVE-2025-24998. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, was found in Microsoft Visual Studio. Affected is an unknown function. The manipulation leads to uncontrolled search path. This vulnerability is traded as CVE-2025-25003. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows Server 2016/Server 2019/Server 2022/Server 2022 23H2/Server 2025 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to link following. This vulnerability is known as CVE-2025-25008. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Office. It has been classified as critical. This affects an unknown part. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-26629. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Office. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to use after free. This vulnerability was named CVE-2025-21392. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

文章介绍了错误代码521的原因及其常见情况，并提供了相应的解决方法和预防措施。

HackerNews 编译，转载请注明出处： 网络安全机构CISA上周发布警告称，德国工业网络设备厂商Microsens的NMP Web+产品存在两个严重漏洞和一个高危漏洞，可能被黑客利用实施远程攻击。 Microsens为工业企业和组织提供交换机、转换器、楼宇控制器等自动化解决方案，其NMP Web+平台用于集中管理工业交换机及网络设备配置。漏洞详情如下： CVE-2025-49151（严重）：未授权攻击者可伪造JSON Web Token（JWT）绕过身份验证； CVE-2025-49153（严重）：攻击者能覆盖服务器文件并执行任意代码； 高危漏洞：JWT令牌未设置过期时间，导致长期有效。 Claroty Team82研究员Noam Moshe（漏洞发现者）向SecurityWeek表示，攻击者可链式利用这些漏洞： 通过伪造JWT获取系统访问权限； 利用文件覆盖漏洞完全控制操作系统。 “这实现了‘从零到英雄’的跳跃——无需任何凭证即可接管系统。”Moshe强调，尽管攻击需访问目标NMP Web+的Web服务器，但大量实例暴露在互联网，存在被扫描攻击的风险。 CISA确认尚未发现野外利用案例，Microsens已发布补丁（Windows/Linux版本3.3.0）。受影响产品在全球范围部署，尤其涉及关键制造业领域。建议用户立即更新至修复版本，并限制管理界面的互联网暴露。   消息来源： securityweek ； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

X/Twitter即将上线AI笔记机器人，自动为帖子添加与用户倾向不同的观点内容，并计划于月底推出第一批机器人。

文章探讨了错误代码521的原因及解决方法,指出该错误通常由服务器配置问题或网络延迟导致,并建议用户检查服务器状态、优化配置或联系主机提供商以解决问题。

HackerNews 编译，转载请注明出处： 谷歌已发布安全更新，修复其Chrome浏览器中一个已被野外利用的零日漏洞（CVE-2025-6554，CVSS评分暂缺）。该漏洞被描述为V8 JavaScript与WebAssembly引擎中的类型混淆缺陷。 根据美国国家标准与技术研究院（NIST）国家漏洞数据库（NVD）的说明：”Chrome 138.0.7204.96之前版本中，V8引擎的类型混淆漏洞允许远程攻击者通过特制HTML页面执行任意内存读写操作。” 类型混淆漏洞危害严重，可能被利用触发软件异常行为，导致任意代码执行或程序崩溃。此类零日漏洞风险极高，因其常在补丁发布前就被攻击者武器化。实际攻击中，黑客可能通过诱导用户访问恶意网站，悄无声息地安装间谍软件、发起偷渡式下载或植入恶意代码。 该漏洞由谷歌威胁分析小组（TAG）的Clément Lecigne于2025年6月25日发现并报告。TAG通常负责追踪国家级攻击或监控行动，此次披露暗示漏洞可能已被用于高度定向的攻击，涉及政府支持的黑客或间谍活动。 谷歌表示，漏洞在次日（6月26日）已通过配置更新缓解，并推送至全平台稳定版通道。普通用户虽暂未面临大规模威胁，但立即更新补丁至关重要，尤其针对处理敏感数据的高价值目标。 尽管谷歌未透露漏洞利用细节及攻击者信息，但确认”CVE-2025-6554的野外利用已存在”。这是谷歌2025年修复的第四个Chrome零日漏洞，此前三个分别为CVE-2025-2783、CVE-2025-4664和CVE-2025-5419（其中CVE-2025-4664是否遭恶意利用尚不明确）。 用户防护建议： 1. 立即升级Chrome至以下版本： Windows/macOS: 138.0.7204.96/.97 Linux: 138.0.7204.96 2. 检查更新路径：Chrome设置 → 帮助 → 关于Google Chrome（浏览器将自动检测并安装最新版本）。 3. 企业/IT团队需启用自动补丁管理，监控终端浏览器版本合规性。 4. 其他基于Chromium的浏览器（Edge、Brave、Opera、Vivaldi等）用户需等待厂商发布修复补丁后及时更新。 （注：谷歌通常会在漏洞被完全修复后公开更多技术细节，建议持续关注官方安全公告。）   消息来源：thehackernews； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

Quantum computing enhances information processing, impacting cryptography and emphasizing the need for quantum-resistant technologies.