Aggregator
CVE-2025-11700 | N-able N-central up to 2025.3 xml external entity reference
1 week 2 days ago
A vulnerability has been found in N-able N-central up to 2025.3 and classified as problematic. Affected by this issue is some unknown functionality. Manipulation results in an XML external entity reference.
This vulnerability was named CVE-2025-11700. The attack may be initiated remotely. There is no available exploit.
The affected component should be upgraded.
vuldb.com
CVE-2025-65094 | WBCE CMS up to 1.6.3 Group Membership /admin/users/save.php groups[] privileges assignment
1 week 2 days ago
A vulnerability has been found in WBCE CMS up to 1.6.3 and classified as critical. The impacted element is an unknown function of the file /admin/users/save.php of the component Group Membership Handler. Performing manipulation of the argument groups[] results in incorrect privilege assignment.
This vulnerability is identified as CVE-2025-65094. The attack can be initiated remotely. There is not any exploit available.
The affected component should be upgraded.
vuldb.com
CVE-2025-13353 | Cloudflare gokey up to 0.1.x random values (GHSA-69jw-4jj8-fcxm)
1 week 2 days ago
A vulnerability classified as problematic has been found in Cloudflare gokey up to 0.1.x. This affects an unknown part. This manipulation causes insufficiently random values.
The identification of this vulnerability is CVE-2025-13353. The attack can only be executed locally. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-12900 | FileBird Plugin up to 6.5.1 on WordPress Global Folders insertToNewTable authorization
1 week 2 days ago
A vulnerability labeled as problematic has been found in FileBird Plugin up to 6.5.1 on WordPress. This impacts the function ConvertController::insertToNewTable of the component Global Folders Handler. The manipulation results in missing authorization.
This vulnerability is cataloged as CVE-2025-12900. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-13608 | CC Child Pages Plugin up to 2.0.0 on WordPress show_child_pages cross site scripting
1 week 2 days ago
A vulnerability classified as problematic was found in CC Child Pages Plugin up to 2.0.0 on WordPress. This affects the function show_child_pages. Executing manipulation can lead to cross site scripting.
This vulnerability appears as CVE-2025-13608. The attack may be performed remotely. There is no available exploit.
vuldb.com
CVE-2025-13367 | User Registration & Membership Plugin up to 4.4.6 on WordPress Shortcode cross site scripting
1 week 2 days ago
A vulnerability, which was classified as problematic, has been found in User Registration & Membership Plugin up to 4.4.6 on WordPress. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation leads to cross site scripting.
This vulnerability is tracked as CVE-2025-13367. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-13610 | RegistrationMagic Plugin up to 6.0.6.7 on WordPress Shortcode RM_Forms cross site scripting
1 week 2 days ago
A vulnerability, which was classified as problematic, was found in RegistrationMagic Plugin up to 6.0.6.7 on WordPress. This issue affects the function RM_Forms of the component Shortcode Handler. The manipulation results in cross site scripting.
This vulnerability is known as CVE-2025-13610. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2025-13728 | FluentAuth Plugin up to 2.0.3 on WordPress Shortcode fluent_auth_reset_password cross site scripting
1 week 2 days ago
A vulnerability was found in FluentAuth Plugin up to 2.0.3 on WordPress and classified as problematic. The affected element is the function fluent_auth_reset_password of the component Shortcode Handler. Such manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-13728. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-13646 | Modula Image Gallery Plugin up to 2.13.1/2.13.2 on WordPress ajax_unzip_file race condition (EUVD-2025-200723 / CNNVD-202512-420)
1 week 2 days ago
A vulnerability labeled as problematic has been found in Modula Image Gallery Plugin up to 2.13.1/2.13.2 on WordPress. This affects the function ajax_unzip_file. Manipulation can lead to a race condition.
This vulnerability appears as CVE-2025-13646. The attack may be performed remotely. There is no available exploit.
vuldb.com
CVE-2025-9624 | OpenSearch up to 3.1.x Query String recursion (EUVD-2025-199644 / Nessus ID 276964)
1 week 2 days ago
A vulnerability has been found in OpenSearch up to 3.1.x and classified as problematic. This vulnerability affects unknown code of the component Query String Handler. Performing manipulation results in uncontrolled recursion.
This vulnerability is reported as CVE-2025-9624. The attack can be carried out remotely. No exploit exists.
The affected component should be upgraded.
vuldb.com
CVE-2025-64524 | OpenPrinting cups-filters up to 2.0.1 Cups Printing Service heap-based overflow (GHSA-rq44-2q5p-x3hv / Nessus ID 276478)
1 week 2 days ago
A vulnerability classified as critical has been found in OpenPrinting cups-filters up to 2.0.1. The impacted element is an unknown function of the component Cups Printing Service. Performing manipulation results in heap-based buffer overflow.
This vulnerability is reported as CVE-2025-64524. The attack requires a local approach. No exploit exists.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2020-9003 | Modula Image Gallery Plugin up to 2.2.4 on WordPress Stored cross site scripting
1 week 2 days ago
A vulnerability described as problematic has been identified in Modula Image Gallery Plugin up to 2.2.4 on WordPress. This affects an unknown function. Executing manipulation can lead to cross site scripting (Stored).
This vulnerability is registered as CVE-2020-9003. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.
vuldb.com
Mars has a significant influence on Earth's climate
1 week 2 days ago
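Earth's climate has swung back and forth between ice ages and warm periods over millions of years, mainly because of small changes in Earth's orbital parameters and axial tilt. These long-term variations are collectively known in Earth science as Milankovitch cycles, and they reflect the continuous gravitational perturbation of Earth by the other planets. Gravitational interactions between the planets slowly alter Earth's orbital eccentricity, axial tilt and direction of precession, which in turn modulates the amount of solar radiation reaching the surface and shapes large-scale climate patterns. Earlier research established that Jupiter and Venus play key roles in this process. A new detailed numerical analysis shows that Mars, despite its relatively small mass, also has a significant and previously underestimated influence on Earth's climate patterns. Using computer simulations, the research team systematically varied the mass of Mars from zero to ten times its present value and tracked the climatic effect on Earth's orbital parameters over timescales of millions of years; the results show that Mars is an important factor in determining Earth's seasonality and climate change. The simulations show that the roughly 100,000-year cycle that governs transitions between ice ages and warm periods is directly affected by Mars. Earth's axial tilt is also directly affected by the gravitational perturbation of Mars. The 41,000-year obliquity cycle commonly seen in the geological record lengthens markedly as the mass of Mars increases; if Mars had ten times its present mass, the obliquity cycle would lengthen to about 45,000 to 55,000 years, enough to substantially change the timing of ice-sheet growth and melting in the northern and southern hemispheres.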
Hackers love old junk. Why do botnets hammer on routers that should have gone to a museum long ago?
1 week 2 days ago
Specialists explain how a single "hole" in the perimeter can bring an entire plant to a halt.
Flaw in Hacktivist Ransomware Lets Victims Decrypt Own Files
1 week 2 days ago
A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw.
Elizabeth Montalbano, Contributing Writer
Xianzhi Security Salon, Session 11 - AI Application Security Attack and Defense in Practice
1 week 2 days ago
Xianzhi Security Salon, Session 11 - Container Security Attack and Defense Practice in the Era of Large Models
1 week 2 days ago
Scientists discover the key gene that determines femaleness in cucumbers
1 week 2 days ago
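Unlike in animals, sex in plants is not fixed from birth but is regulated by genes, hormone levels and environmental signals, and is far more complex than in animals. Sex determination has broad practical value in agriculture. For crops harvested for their seeds and fruit, more female flowers mean higher yields; for ornamental horticultural plants such as ginkgo trees, the male-to-female ratio can be controlled to meet different needs; in hybrid breeding, using purely female lines avoids the emasculation step and saves cost. Scientists at China Agricultural University found that a key gene, CsARF3, bridges the auxin and ethylene hormones and precisely regulates sex determination in cucumber. Experiments showed that when CsARF3 was mutated by gene editing, cucumber plants no longer produced female flowers and bore only male flowers; when the gene was overexpressed, the number of female flowers increased significantly. More importantly, even externally applied auxin could not rescue the mutant phenotype. This demonstrates that CsARF3 is an indispensable link in the auxin signaling pathway.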
What Cloudflare’s 2025 internet review says about attacks, outages, and traffic shifts
1 week 2 days ago
The internet stayed busy, brittle, and under constant pressure in 2025. Cloudflare’s annual Radar Year in Review offers a wide view of how traffic moved, where attacks clustered, and what failed when systems were stressed. Cloudflare, which operates a large global network and publishes aggregated internet measurements through its Radar research program, based the report on traffic observed across its infrastructure throughout the year. The findings focus on trends rather than individual incidents, giving security …
The post What Cloudflare’s 2025 internet review says about attacks, outages, and traffic shifts appeared first on Help Net Security.
Anamarija Pogorelec