Aggregator

Submit #404868 / VDB-265073

Submit #404867 / VDB-276840

A vulnerability was found in Frontend Dashboard Plugin up to 2.2.4 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2024-8268. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Affiliate Super Assistent Plugin up to 1.5.3 on WordPress. It has been declared as critical. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2024-8478. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects the function dbsrv_asp. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-44375. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in laurent22 joplin up to 3.0.14 and classified as problematic. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-40643. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Profelis Informatics and Consulting PassBox up to 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper authentication. This vulnerability is known as CVE-2024-7015. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

随着用户厌倦了社媒平台如 Twitter/X 所提供的“数字城市广场”，一部分人转向了 X 的同类替代如 Bluesky 和 Threads，还有一部人则转向了爱好类应用如读书应用 Goo

A vulnerability classified as very critical was found in Apple macOS up to 10.13.1. Affected by this vulnerability is an unknown functionality of the component tcpdump. The manipulation leads to memory corruption. This vulnerability is known as CVE-2017-13052. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in QNAP QTS and QuTS hero. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2024-21906. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in QNAP QTS and QuTS hero. This issue affects some unknown processing. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-32763. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in QNAP QTS, QuTS hero and QuTScloud. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2024-32771. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in QNAP QTS and QuTS hero. Affected by this issue is some unknown functionality. The manipulation leads to os command injection. This vulnerability is handled as CVE-2024-38641. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in QNAP Download Station. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-38640. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Militairen van 11 Luchtmobiele Brigade en de luchtmacht voeren een grote luchtlanding uit in Marnewaard. De woensdag geplande operatie is onderdeel van de 14 dagen durende oefening Falcon Leap die vandaag is begonnen. Hierbij trainen militairen uit 12 landen het droppen van vrachtladingen en parachutisten boven Nederland en België. 

​该文主要讲述了如何保护自己在社交媒体上的安全以及黑客利用社交工程学手段进行攻击的方式和方法。并介绍了一些网络社交媒体黑客工具与方法，也提供了一些应对策略​。

Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401 Pierluigi

CACTER客户案例：安全海外中继助力知名家电企业化解海外通邮困境一、客户背景广东格兰仕集团有限公司（以下简

提供呼叫中心服务的 Alorica 推出了一款 AI 翻译工具，让公司员工能用 200 种不同语言与客户交谈。Alorica 不会裁员，它还在积极招聘。Alorica 等公司的经验表明，AI 不会成为人类的职业“杀手”，导致大规模失业。AI 可能会像蒸汽机、电力、互联网等技术突破一样，在消除部分工作的同时创造新的工作，使得人类的工作总体上效率更高，让工人、雇主和经济都从中受益。人们曾经以为，AI 聊天机器人将会取代客服，但这种情况目前并没有发生，可能永远也不会发生。白宫经济顾问委员会上月表示，他们发现几乎没有证据表明 AI 会对整体就业情况产生负面影响。目前科技行业的大规模裁员与 AI 几乎没有关联，科技巨头不是因为 AI 会节省资金或导致工作岗位不再需要而裁员的。

Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. [...]