Aggregator

AI推理对比

明天的乌云
1 week 2 days ago

看着姜文新电影预告,想到一个问题考考AI:让子弹飞是导演几岁的时候拍的

透明人

Internet Archive Abused for Hosting Stealthy JScript Loader Malware

Cyber Security News
1 week 2 days ago

Security researchers have uncovered a novel malware delivery chain in recent weeks that leverages the Internet Archive’s legitimate infrastructure to host obfuscated payloads. The attack begins with a seemingly innocuous JScript file delivered via malspam, which in turn invokes a PowerShell loader. This PowerShell script reaches out to the Internet Archive (archive.org) to retrieve a […]

The post Internet Archive Abused for Hosting Stealthy JScript Loader Malware appeared first on Cyber Security News.

Tushar Subhra Dutta

Mozilla High Severity Vulnerabilities Enables Remote Code Execution

Cyber Security News
1 week 2 days ago

Mozilla has released Firefox 142 to address multiple high-severity security vulnerabilities that could allow attackers to execute arbitrary code remotely on affected systems.  The security advisory, published on August 19, 2025, reveals nine distinct vulnerabilities ranging from sandbox escapes to memory safety bugs, with several classified as high-impact threats capable of enabling remote code execution […]

The post Mozilla High Severity Vulnerabilities Enables Remote Code Execution appeared first on Cyber Security News.

Florence Nightingale

微软表示正在调查与安全更新相关的硬盘故障问题

Solidot
1 week 2 days ago
本周早些时候有报道称,日本用户报告微软最近释出的 Windows 11 24H2 安全更新 KB5063878 会导致硬盘出现问题,故障可能会在在硬盘连续写入超过 50GB 数据时发生。目前微软官方并没有标记 KB5063878 存在该问题。微软发言人在一份声明中表示,它已经收到了相关投诉,正与合作伙伴一起展开调查。SSD 控制器制造商群联电子(Phison) 也表示正在调查该问题。

CVE-2024-27349 | Apache HugeGraph-Server up to 1.2.x RESTful-API authentication spoofing (EUVD-2024-1128)

Vuldb Updates
1 week 2 days ago
A vulnerability identified as critical has been detected in Apache HugeGraph-Server up to 1.2.x. The impacted element is an unknown function of the component RESTful-API. This manipulation causes authentication bypass by spoofing. This vulnerability is tracked as CVE-2024-27349. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.
vuldb.com

CVE-2025-9074 | Docker Desktop up to 4.44.2 on Windows API exposure of resource (EUVD-2025-25308)

Vuldb Updates
1 week 2 days ago
A vulnerability was found in Docker Desktop up to 4.44.2 on Windows. It has been classified as critical. This affects an unknown function of the component API. The manipulation leads to exposure of resource. This vulnerability is documented as CVE-2025-9074. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-53971 | Mattermost up to 9.11.17/10.5.8 API Endpoint schemeRoles authorization (EUVD-2025-25413 / WID-SEC-2025-1625)

Vuldb Updates
1 week 2 days ago
A vulnerability marked as problematic has been reported in Mattermost up to 9.11.17/10.5.8. Impacted is an unknown function of the file /api/v4/teams/team-id/members/user-id/schemeRoles of the component API Endpoint. Performing manipulation results in incorrect authorization. This vulnerability is cataloged as CVE-2025-53971. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2024-32741 | Siemens SIMATIC CN 4100 up to 2.x GRUB hard-coded password (ssa-273900)

Vuldb Updates
1 week 2 days ago
A vulnerability was found in Siemens SIMATIC CN 4100 up to 2.x. It has been declared as critical. This impacts an unknown function of the component GRUB. Executing manipulation can lead to use of hard-coded password. This vulnerability is registered as CVE-2024-32741. The attack needs to be launched locally. No exploit is available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-9296 | Emlog Pro up to 2.5.18 blogger.php?action=update_avatar image unrestricted upload (EUVD-2025-25414)

Vuldb Updates
1 week 2 days ago
A vulnerability was found in Emlog Pro up to 2.5.18. It has been declared as critical. This affects an unknown function of the file /admin/blogger.php?action=update_avatar. Such manipulation of the argument image leads to unrestricted upload. This vulnerability is referenced as CVE-2025-9296. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-9297 | Tenda i22 1.0.0.3(4687) /goform/wxportalauth formWeixinAuthInfoGet Type stack-based overflow

Vuldb Updates
1 week 2 days ago
A vulnerability was found in Tenda i22 1.0.0.3(4687). It has been rated as critical. This impacts the function formWeixinAuthInfoGet of the file /goform/wxportalauth. Performing manipulation of the argument Type results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-9297. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com

Managed ad