Aggregator

速修复

攻击者从单纯的数据盗取升级到了惩罚性的蓄意破坏

A vulnerability, which was classified as problematic, has been found in argoproj argo-cd up to 2.14.19/3.0.18/3.1.7/3.2.0-rc1. Affected is an unknown function of the component Configuration Handler. This manipulation of the argument webhook.azuredevops.username/webhook.azuredevops.password causes uncaught exception. This vulnerability is tracked as CVE-2025-59538. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in argoproj argo-cd up to 1.8.7/2.14.19/3.0.18/3.1.7/3.2.0-rc1. Affected by this vulnerability is an unknown functionality of the file /api/webhook of the component API Request Handler. Such manipulation of the argument commits[].repo leads to denial of service. This vulnerability is listed as CVE-2025-59537. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

A vulnerability classified as problematic was found in argoproj argo-cd up to 1.8.7/2.14.19/3.0.18/3.1.7/3.2.0-rc1. Affected by this issue is some unknown functionality of the file /api/webhook. Such manipulation of the argument repository.links.clone leads to improper check or handling of exceptional conditions. This vulnerability is referenced as CVE-2025-59531. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical was found in Netty. This affects an unknown part. The manipulation results in http request smuggling. This vulnerability is cataloged as CVE-2025-58056. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability was found in Netty. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component netty-codec-compression. Such manipulation leads to highly compressed data. This vulnerability is traded as CVE-2025-58057. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome and classified as critical. This vulnerability affects unknown code of the component Safe Browsing. The manipulation results in use after free. This vulnerability is cataloged as CVE-2025-11756. The attack may be launched remotely. There is no exploit available. It is suggested to upgrade the affected component.

制药公司诺和诺德（Novo Nordisk）表示，减肥注射剂 Wegovy 的活性成分司美格鲁肽（semaglutide）并不能延缓阿尔茨海默病的发展。在涉及逾 3800 人的大型试验中，已被用于治疗 2 型糖尿病和肥胖症的 GLP-1 药物的效果与安慰剂相差无几。参与试验的患者年龄在 55-85 岁之间，司美格鲁肽治疗改善了阿尔茨海默病相关的生物标志物，但未能延缓疾病的发展。

Syncope硬编码密钥漏洞可致加密密码被解密。

格尔软件提出下一代公钥基础设施（NGPKI）技术架构，其核心不在于“替换”，而在于“融合演进”。

看雪论坛作者ID：阿强

Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters.

A new version of the Shai-Hulud worm has infected hundreds of npm packages and caused disruption to global CI/CD workflows

Nov 25, 2025What are your favorite resources for secure code? Co-hosts JohnKinsella and Kalyani Paw