Aggregator

Submit #693785 / VDB-333318

Submit #695437 / VDB-333317

Submit #693777 / VDB-333317

Submit #693776 / VDB-333316

Submit #695433 / VDB-333315

Submit #693767 / VDB-333315

Submit #695428 / VDB-333314

Submit #693758 / VDB-333314

A vulnerability classified as critical was found in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument user_query results in sql injection. This vulnerability is reported as CVE-2025-13546. The attack can be launched remotely. Moreover, an exploit is present. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

A vulnerability classified as critical has been found in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /admin_area/index.php. The manipulation of the argument edit_pack leads to sql injection. This vulnerability is documented as CVE-2025-13545. The attack can be initiated remotely. Additionally, an exploit exists. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected is an unknown function of the file /customer_register.php. Executing manipulation can lead to unrestricted upload. This vulnerability is registered as CVE-2025-13544. It is possible to launch the attack remotely. Furthermore, an exploit is available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #691466 / VDB-333313

Submit #690978 / VDB-333312

Submit #690975 / VDB-333311

三星内存芯片价格自 9 月以来飙升 60%。DRAM 价格上涨凸显了 AI 数据中心激增的需求给全球供应链带来的巨大压力。作为全球最大的内存芯片制造商，三星大幅提高了高密度服务器 DRAM 模块的合同价格。内存芯片价格上涨的影响预计会持续到 2026 年。三星 32 GB DDR5 内存条的合同价格从 9 月的约 149 美元上涨至 11 月的约 239 美元，两个月内涨幅超过 60%。其它容量内存条如 16GB 和 128GB 内存条，价格上涨了 40% 到 50%，而 64GB 和 96GB 内存条的涨幅超过 30%。此次价格飙升的主要催化剂是 AI 基础设施的爆炸式增长。三星及其竞争对手 SK 海力士和美光科技已将大部分产能转向为 AI 服务器供应内存芯片，减少了传统内存芯片的产能。由于库存不足且产能接近饱和，2026 年底前，内存芯片价格不太可能出现回调。

Теперь можно искать микробов на Марсе и спутниках Юпитера?

在日益加剧的生态危机和水资源严重短缺的打击下，伊朗总统 Masoud Pezeshkian 周四表示德黑兰已经无法承担首都之职，伊朗别无选择只能迁都。伊朗官员考虑将首都迁至南部沿海地区。但专家表示此举并不能改变近千万德黑兰居民的现状，他们正遭受数十年来供水量持续下降带来的后果。伊朗几个世纪以来多次迁都，这次是首次因为生态灾难而迁都。康奈尔大学社会科学家兼城市规划师 Linda Shi 表示：气候变化并不是造成这一情况的原因，但它却是一个方便的借口，可用于逃避糟糕政治决策的责任。至少从 2008 年起，科学家就警告，伊朗城市和农业无节制抽取地下水正迅速耗尽该国的蓄水层。蓄水层每年损失约 17 亿立方米的水。气候变化确实是方便的借口。

Если новая структура подтвердится, астрономам придется переписать историю формирования внешних областей Солнечной системы и объяснить происхождение странного скопления.

开源邮件客户端 Thunderbird 项目开始在生产环境测试付费服务 Thunderbird Pro。该服务为每月 9 美元，包括了邮件托管、Send 加密文件共享和 Appointment 日程安排。用户支付 9 美元可获得：30 GB 邮件储存、300 GB Send 储存，15 个 Email 地址以及 3 个自定义域名。有很多人认为该服务定价过高。