Aggregator

OpenAI CEO透露GPT-6正在开发中，将比GPT-5更快推出。GPT-5发布虽有改进但不尽如人意，公司计划在产品功能上进一步优化。

Tails 6.19发布，更新Tor浏览器、Tor客户端、Thunderbird等软件版本，并修复配置桥梁时的错误信息。提供自动和手动升级选项以及直接下载USB和ISO镜像的方式。用户可访问支持页面获取帮助和反馈。

工业互联网领域唯一双冠王。

A vulnerability described as critical has been identified in radar 1.0.8. This affects an unknown function of the component API. Executing manipulation can lead to improper access controls. This vulnerability appears as CVE-2024-57155. The attack may be performed from a remote location. There is no available exploit.

A vulnerability was found in Cisco Identity Services Engine Software. It has been classified as critical. The affected element is an unknown function of the component GUI. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2025-20131. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

OpenAI's CEO Sam Altman told reporters that GPT-6 is already in the works, and it'll not take as long as GPT-5. [...]

A vulnerability was found in himmelblau up to 0.9.16 and classified as critical. The impacted element is the function acquire_token_by_hello_for_business_key of the file /etc/himmelblau/himmelblau.conf. Such manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-53013. The attack may be carried out on the physical device. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Siemens SICAM TOOLBOX II 07.10. It has been classified as critical. This impacts an unknown function of the component HTTPS Connection Handler. This manipulation causes improper certificate validation. This vulnerability appears as CVE-2024-31853. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability was found in Siemens SICAM TOOLBOX II 07.10/07.11. It has been declared as critical. Affected is an unknown function of the component HTTPS Connection Handler. Such manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2024-31854. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IBM InfoSphere Data Replication VSAM for z and OS Remote Source 11.4 on z/OS. It has been declared as critical. The impacted element is an unknown function of the component Log Reading Service. Such manipulation leads to stack-based buffer overflow. This vulnerability is listed as CVE-2024-56468. The attack may be performed from a remote location. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Juniper Junos OS up to 21.2R3-S8/22.4R3-S6/23.2R2-S2/23.4R2-S3/24.2R1. Impacted is an unknown function of the component Routing Protocol Daemon. Executing manipulation can lead to incorrect calculation of buffer size. This vulnerability is handled as CVE-2025-52955. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in IBM Engineering Requirements Management DOORS 9.7.2.9. This impacts an unknown function. This manipulation causes weak password recovery. This vulnerability is handled as CVE-2024-43190. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6 and classified as critical. Impacted is the function config_3g_para of the file /appy.cgi. Such manipulation of the argument username_3g/password_3g leads to buffer overflow. This vulnerability is referenced as CVE-2025-7077. It is possible to launch the attack remotely. Furthermore, an exploit is available. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

【君哥内推】旨在帮助甲方信息安全部门发布招聘需求，推送频率不定。欢迎甲方朋友们将招聘需求发给我，我愿意出力，

最近开始学习复现Tenda的漏洞，发现很多洞都是一系列的栈溢出漏洞，这些洞的固态仿真都是一样的，函数调用流程是不一样的，但对于pwn手来说，个人感觉最难的还是固态仿真和调试，这些都一样的话，函数流程逐个分析都可以拿下

WPBookit 是用于 WordPress 的插件，功能包括在线预订和预约管理。该插件中存在缺陷，在 image_upload_handle() 函数缺少文件类型验证，使得在所有版本至 1.0.4 包括 1.0.4 的版本中，攻击者可以通过添加新的预订类型的路由（add_booking_type）上传任意文件。这种情况下，攻击者能够在受影响网站的服务器上上传任意文件，并可能进行远程代码执行。

2025L3HCTF-tellmewhy详解以及多种入口

The goal of the Quantum-Safe Program is to ensure that by 2033 all Microsoft products and services are safe by default against quantum-based attacks.