Aggregator

以下为第一人称叙事。

Google has added interoperability support between Android Quick Share and Apple AirDrop, to let users share files between Pixel devices and iPhones. [...]

Currently trending CVE - Hype Score: 1 - The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post.

2023 年 Google Chrome 移除了对实验性的 JPEG-XL 图像格式的支持。JPEG-XL 是免专利新的图像格式。Google 此举引发了很多争议，因为 Chrome/Chromium 占据了九成市场份额，它是 Web 标准事实上的仲裁者。到了 2025 年事情有了戏剧性转变。Google 开发者 Rick Byers 表示考虑恢复支持 JPEG-XL，预计将使用 JPEG-XL 的 Rust 语言实现。Google 开发者称，Safari 加入了对 JPEG-XL 支持，Firefox 也表明了立场，PDF 也准备添加 JPEG-XL 支持。Chromium 要默认启用 JPEG XL 解码器，需要有长期维护的承诺，满足这些条件的话将会恢复支持。

Как древняя математика управляет современными технологиями.

Passwork 7 unifies enterprise password and secrets management in a self-hosted platform. Organizations can automate credential workflows and test the full system with a free trial and up to 50% Black Friday savings. [...]

A vulnerability marked as critical has been reported in lKinderBueno Streamity Xtream IPTV Player up to 2.8. The impacted element is an unknown function of the file public/proxy.php. Performing manipulation results in server-side request forgery. This vulnerability is identified as CVE-2025-13588. The attack can be initiated remotely. Additionally, an exploit exists. It is suggested to upgrade the affected component.

Submit #687573 / VDB-333352

A vulnerability labeled as critical has been found in WP Shortcodes Plugin Plugin up to 7.4.5 on WordPress. The affected element is the function su_shortcode_csv_table. Such manipulation leads to server-side request forgery. This vulnerability is referenced as CVE-2025-12800. It is possible to launch the attack remotely. No exploit is available.

Потерянный ключ сделал результаты голосования математически недостижимыми - и ассоциации остается только начинать все с нуля.

Name: snakeCTF 2025 Finals (an snakeCTF event.)
Date: Nov. 20, 2025, 8 a.m. — 23 Nov. 2025, 13:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Lignano Sabbiadoro, Udine, Italy
Offical URL: https://snakectf.org/
Rating weight: 21.00
Event organizers: MadrHacks

Name: Infosec University Hackathon 2025 (an Synchrony Infosec University Hackathon event.)
Date: Nov. 23, 2025, 2 a.m. — 23 Nov. 2025, 07:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Location: https://syfinfosechackathon.info/
Offical URL: https://syfinfosechackathon.info/
Rating weight: 0
Event organizers: Synchrony Infosec University Hackathon

A vulnerability classified as problematic was found in Apple watchOS. This impacts an unknown function of the component Kernel Memory Handler. Executing manipulation can lead to out-of-bounds read. This vulnerability appears as CVE-2025-43374. The physical device can be targeted for the attack. There is no available exploit. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS. Affected by this vulnerability is an unknown functionality of the component Wi-Fi Profile Handler. The manipulation results in denial of service. This vulnerability is known as CVE-2025-31216. An attack on the physical device is feasible. No exploit is available. You should upgrade the affected component.

A vulnerability marked as problematic has been reported in Apple macOS. The affected element is an unknown function of the component Kernel Memory Handler. This manipulation causes out-of-bounds read. This vulnerability is registered as CVE-2025-43374. It is feasible to perform the attack on the physical device. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability described as problematic has been identified in Apple iOS and iPadOS. The impacted element is an unknown function of the component Kernel Memory Handler. Such manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2025-43374. The attack can be executed directly on the physical device. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability classified as problematic has been found in Apple visionOS. This affects an unknown function of the component Kernel Memory Handler. Performing manipulation results in out-of-bounds read. This vulnerability is reported as CVE-2025-43374. The attack may be carried out on the physical device. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Pop-Up Window Handler. This manipulation causes improper restriction of rendered ui layers. The identification of this vulnerability is CVE-2025-31266. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended.