Aggregator

一、环境启动 npx [email protected] my-next-app npm run d […]

Невинный документ с формами способен читать ваши файлы и сканировать внутренние адреса, если Tika осталась без свежего патча.

HackerNews 编译，转载请注明出处： 据车主及经销商反馈，俄罗斯境内数百辆保时捷汽车因原厂搭载的卫星安全系统故障陷入无法行驶的状态。 经销商集团Rolf表示，俄罗斯多个城市的车主反映，其保时捷车辆在失去卫星防盗模块连接后，发动机突然熄火、燃油供应中断，所有车型均面临自动锁止风险。据悉，该故障由车载模块——车辆追踪系统引发。 俄罗斯媒体俄新社指出，这一事件暴露出，任何一款保时捷汽车都可通过其原厂防盗系统实现强制锁止。该媒体建议，可通过拆卸并重置防盗装置来解决这一问题。 Rolf向俄新社透露，受原厂卫星安全系统故障影响，车主的维修需求显著增加，自11月28日起，维修订单量出现激增。 该公司服务总监尤利娅・特鲁什科娃表示：“目前，所有车型及燃油动力车型均出现连接中断问题，任何一辆车都有可能被锁止。现阶段，可通过重置并拆卸原厂防盗装置来解除锁止。我们正在持续调查故障原因，同时联系技术人员研究解锁车辆的可行方案。” Rolf的一名代表向俄新社透露，所有保时捷车型均受此次故障波及，存在自动锁止的可能性。该代表推测，此次系统中断或为蓄意人为操作，但目前尚无相关证据佐证这一说法。 据俄罗斯保时捷迈Macan俱乐部透露，部分车主通过关闭或重启车辆追踪系统恢复了车辆正常使用，另有部分车主通过断开车辆电池数小时的方式解决了问题。 Rolf方面表示，技术专家仍在调查故障根源。保时捷俄罗斯分公司及全球总部均未对此事作出回应。值得注意的是，自2022年俄乌冲突爆发后，保时捷已暂停在俄的汽车销售及运营业务，但仍持有三家未能成功出售的本地子公司。 此次事件凸显出，当联网汽车安全系统成为单点故障源时，其本身存在的脆弱性及潜在风险。保时捷这款卫星互联车辆追踪系统模块的一次故障，就导致数百辆汽车陷入瘫痪，可见数字控制系统如今对车辆物理安全及行驶能力的深度影响。 尽管目前没有证据表明此次故障是蓄意网络攻击所致，但这一情况也凸显出此类系统对威胁攻击者的吸引力。一旦远程锁车功能遭到协同攻击，可能导致大规模车队瘫痪，引发公共安全隐患，甚至被用作胁迫手段或地缘政治施压工具。 这一事件应成为汽车行业的一记警钟：安全关键部件必须具备抗风险能力与故障防护设计，且在研发阶段就应预设远程系统可能发生故障或遭攻击的情况。当相关技术足以让行驶中的车辆直接停驶时，完善的应急响应机制、清晰的信息沟通渠道以及对故障根源的透明披露，是维系公众信任的关键所在。       消息来源：securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

2025 年 11 月，威胁猎人监测到 363 万余个活跃恶意手机号，其中 326 万个为首次出现。黑灰产使用的恶意手机号主要来自中国大陆和美国；恶意手机号物料使用的集中行业为社交行业、电商和零售行业、金融行业以及娱乐行业。

A vulnerability labeled as critical has been found in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument user_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-14210. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability marked as critical has been reported in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delete_book.php. Performing manipulation of the argument book_id results in sql injection. This vulnerability was named CVE-2025-14211. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability described as critical has been identified in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /member_search.php. Executing manipulation of the argument roll_number can lead to sql injection. The identification of this vulnerability is CVE-2025-14212. The attack may be launched remotely. Furthermore, there is an exploit available.

作者：Kaiyuan Zhang、Mark Tenenholtz、Kyle Polley、Jerry Ma、Denis Yarats、Ninghui Li 译者：知道创宇404实验室翻译组 原文链接：https://arxiv.org/html/2511.20597v1 摘要 将人工智能（AI）代理集成到网页浏览器中，带来了超越传统Web应用威胁模型的安全挑战。已有研究已将提示注入识别为We...

株式会社 ＧＳユアサが提供するFULLBACK Manager ProはWindowsサービスを登録しますが、登録されるプログラムのファイルパスは引用符で囲まれていません。

A vulnerability was found in CheckUser Extension up to 1.39.3 on MediaWiki. It has been rated as problematic. The impacted element is an unknown function of the component CheckUserLog API Request Handler. The manipulation leads to denial of service. This vulnerability is listed as CVE-2023-29139. The attack must be carried out from within the local network. There is no available exploit.

A vulnerability was found in GrowthExperiments Extension up to 1.39.3 on MediaWiki. It has been classified as problematic. Impacted is an unknown function of the component Timezone Handler. Performing manipulation results in information disclosure. This vulnerability is identified as CVE-2023-29137. The attack can only be performed from the local network. There is not any exploit available.

A vulnerability, which was classified as critical, was found in Samsung Exynos Mobile Processor, Automotive Processor, Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110 and Exynos Auto T5123. This affects an unknown part of the component SIP Via Header Decoder. The manipulation results in memory corruption. This vulnerability is cataloged as CVE-2023-29090. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability was found in Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980 and Exynos 1080. It has been rated as problematic. This affects an unknown part of the component Network Interface Handler. The manipulation leads to handling of exceptional conditions. This vulnerability is listed as CVE-2023-29092. It is possible to launch the attack on the physical device. There is no available exploit.

A vulnerability has been found in Irssi up to 1.4.3 and classified as problematic. This affects an unknown function of the component Special Collector Reference Handler. The manipulation leads to use after free. This vulnerability is listed as CVE-2023-29132. The attack must be carried out from within the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability has been found in Samsung Exynos Mobile Processor, Automotive Processor, Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110 and Exynos Auto T5123 and classified as critical. This vulnerability affects unknown code of the component SIP URI Decoder. This manipulation causes memory corruption. This vulnerability is registered as CVE-2023-29091. Remote exploitation of the attack is possible. No exploit is available. To fix this issue, it is recommended to deploy a patch.

A vulnerability classified as critical has been found in Samsung Exynos Mobile Processor, Automotive Processor, Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110 and Exynos Auto T5123. Affected is an unknown function of the component SIP Retry-After Header Decoder. Performing manipulation results in memory corruption. This vulnerability is identified as CVE-2023-29087. The attack can be initiated remotely. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Samsung Exynos Mobile Processor, Automotive Processor, Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110 and Exynos Auto T5123. Affected by this vulnerability is an unknown functionality of the component SIP Session-Expires Header Decoder. Executing manipulation can lead to memory corruption. This vulnerability is tracked as CVE-2023-29088. The attack can be launched remotely. No exploit exists. Applying a patch is advised to resolve this issue.

A vulnerability, which was classified as critical, has been found in Samsung Exynos Mobile Processor, Automotive Processor, Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110 and Exynos Auto T5123. Affected by this issue is some unknown functionality of the component SIP Multipart Message Decoder. The manipulation leads to memory corruption. This vulnerability is listed as CVE-2023-29089. The attack may be initiated remotely. There is no available exploit. It is suggested to install a patch to address this issue.

A vulnerability was found in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. It has been rated as critical. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2025-14207. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

A vulnerability identified as critical has been detected in Campcodes School File Management System 1.0. This impacts an unknown function of the file /update_query.php. This manipulation of the argument stud_id causes sql injection. This vulnerability is handled as CVE-2025-14209. The attack can be initiated remotely. Additionally, an exploit exists.