Aggregator

A vulnerability classified as critical was found in Ads Pro Plugin up to 4.95 on WordPress. Affected is an unknown function. The manipulation of the argument site_id results in sql injection. This vulnerability is cataloged as CVE-2025-7402. The attack may be launched remotely. There is no exploit available.

cnspec is an open source tool that helps when you are trying to keep a sprawling setup of clouds, containers, APIs and endpoints under control. It checks security and compliance across all of it, which makes it easier to see what needs attention. At its core, cnspec looks for vulnerabilities and misconfigurations across public and private cloud environments, Kubernetes clusters, containers, container registries, servers, endpoints, SaaS products, infrastructure as code and APIs. It uses a … More →

The post cnspec: Open-source, cloud-native security and policy project appeared first on Help Net Security.

马斯克（Elon Musk）旗下的社交媒体 X/Twitter 开始展示账号注册的地理位置，如果该账号使用了 VPN 隐藏 IP 它还会提示可能使用了 VPN。该功能在上线之后一度下线，之后又恢复上线。地理位置信息显示很多政治网红的账号其实都是在美国之外运营的。MAGA NATION 有逾 39.2 万粉丝，其运营地点位于东欧；Dark Maga 有逾 1.5 万粉丝，其运营地点位于泰国；MAGA Scope 有逾 5.1 万粉丝，其运营地点位于尼日利亚；America First 有逾 6.7 万粉丝，其运营地点位于孟加拉国。反 MAGA 账号 Ron Smith 有逾 5.2 万名粉丝，其运营地点位于肯尼亚；Republicans Against Trump 有逾 97 万粉丝，其运营地点位于奥地利，目前使用美国 IP 的 VPN 隐藏原 IP。

A vulnerability has been found in Otsuka Information FMS up to 20251014.10r45111 and classified as problematic. This affects an unknown part. Performing manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-13589. The attack is possible to be carried out remotely. No exploit exists.

Сервисный гигант открыл хакерам доступ к досье миллионов.

Most people assume their medical data sits in quiet storage, protected by familiar rules. That belief gives a sense of safety, but new research argues that the world around healthcare data has changed faster than the policies meant to guide it. As a result, the system is stuck, and the cost of that stagnation is rising for patients, researchers, and innovators. The paper, written by experts from major U.S. medical institutions, examines how healthcare’s privacy-centric … More →

The post The privacy tension driving the medical data shift nobody wants to talk about appeared first on Help Net Security.

快速浏览！2025.11.17—11.23安全动态回顾。

两轮攻击均利用了编号为CVE-2023-48022的旧版高危漏洞。

A practical walkthrough of how hidden JSON fields can expose privilege flaws in modern signup APIsPr

A practical walkthrough of how hidden JSON fields can expose privilege flaws in modern signup APIsPr

Красная планета всё же может оказаться живой. Но радары не могут договориться, где правда.

大型平台的系统监管思路逐渐形成

A vulnerability categorized as critical has been discovered in Microsoft .NET, .NET Framework and Visual Studio. Affected by this issue is some unknown functionality. Such manipulation leads to denial of service. This vulnerability is documented as CVE-2023-29331. The attack can be executed remotely. There is not any exploit available. A patch should be applied to remediate this issue.

A vulnerability identified as problematic has been detected in Microsoft .NET and Visual Studio. Affected by this vulnerability is an unknown functionality. Performing manipulation results in Local Privilege Escalation. This vulnerability is cataloged as CVE-2023-32032. The attack must be initiated from a local position. There is no exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability marked as critical has been reported in Microsoft .NET and Visual Studio. This affects an unknown part. The manipulation leads to Local Privilege Escalation. This vulnerability is documented as CVE-2023-33128. The attack needs to be performed locally. There is not any exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Linux Kernel up to 6.8-rc2. It has been declared as problematic. Affected by this issue is the function epoll_wait of the component Binder. Such manipulation leads to denial of service. This vulnerability is referenced as CVE-2024-26606. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Microsoft .NET, .NET Framework and Visual Studio. Affected is an unknown function. This manipulation causes Remote Code Execution. This vulnerability appears as CVE-2023-24936. The attack may be initiated remotely. There is no available exploit. Applying a patch is the recommended action to fix this issue.

A vulnerability was found in Linux Kernel up to 5.4.225/5.10.157/5.15.81/6.0.11. It has been classified as critical. This affects the function sctp_stream_outq_migrate. Performing manipulation results in memory leak. This vulnerability is cataloged as CVE-2022-49013. The attack must originate from the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability classified as critical was found in Booth. Affected by this vulnerability is an unknown functionality of the component Authfile Directive. Executing manipulation can lead to improper authentication. This vulnerability is tracked as CVE-2022-2553. The attack is only possible within the local network. No exploit exists. A patch should be applied to remediate this issue.

A vulnerability, which was classified as problematic, has been found in Samba up to 4.16.10/4.17.9/4.18.4. This affects an unknown function of the component Spotlight. Performing manipulation results in information disclosure. This vulnerability is cataloged as CVE-2023-34968. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.