Aggregator

A vulnerability was found in 2daybiz Video Community Portal Script 1.0 and classified as problematic. This affects an unknown function of the file video.php. The manipulation of the argument videoid results in cross site scripting. This vulnerability is known as CVE-2010-2458. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability categorized as problematic has been discovered in VideoWhisper PHP 2 Way Video Chat. Affected by this vulnerability is an unknown functionality of the file index.php. Such manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2010-4971. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in 2daybiz Video Community Portal Script 1.0. It has been classified as critical. This impacts an unknown function of the file video.php. This manipulation of the argument videoid causes sql injection. This vulnerability is handled as CVE-2010-2459. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability, which was classified as problematic, was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. This vulnerability is reported as CVE-2025-14183. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in SGAI Space1 NAS N1211DS up to 1.0.915 and classified as critical. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. This vulnerability appears as CVE-2025-14184. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp and classified as critical. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. This vulnerability is traded as CVE-2025-14185. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

HackerNoon根据页面浏览量、互动量和评论数对科技新闻进行排名，并由TechBeat于2025年12月7日发布。

Intellexa терроризирует планету: даже санкции не остановили глобальную шпионскую империю.

嗯，用户让我帮忙总结一下这篇文章的内容，控制在100字以内，而且不需要特定的开头。我先看看文章的结构。文章主要介绍了银联可信服务安全组件（TSM）的技术白皮书，包括概述、架构组成、安全机制、应用场景、合规认证和未来展望。 首先，概述部分提到TSM是一个安全管理平台，用于保障移动支付中的用户敏感信息。架构组成包括安全元件、可信服务管理平台、安全通道和支付应用。安全机制有端到端加密、动态密钥管理等。应用场景涵盖手机闪付、可穿戴设备支付等。合规方面通过了国家和国际认证，未来展望包括支持数字人民币和国密算法。 接下来，我需要把这些要点浓缩到100字以内。重点突出TSM的功能、架构组成部分和应用场景，同时简要提到安全机制和未来的发展方向。 最后，确保语言简洁明了，不使用复杂的术语，让用户一目了然。 银联可信服务安全组件（TSM）是面向移动支付和数字金融的安全管理平台，由安全元件、可信服务管理平台、安全通道和支付应用组成。通过端到端加密、动态密钥管理等机制保障用户敏感信息的安全存储与传输。已应用于手机闪付、可穿戴设备支付等场景，并通过多项合规认证。未来将支持数字人民币、国密算法及多载体协同。

A vulnerability described as problematic has been identified in Linux Kernel up to 5.10.165/5.15.90/6.1.8. Affected by this vulnerability is the function l2tp_tunnel_register. Such manipulation leads to improper initialization. This vulnerability is documented as CVE-2023-53020. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 5.4.230/5.10.165/5.15.90/6.1.8 and classified as critical. Affected is the function net_tx_action of the component sch_taprio. Such manipulation leads to use after free. This vulnerability is listed as CVE-2023-53021. The attack must be carried out from within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.8. It has been rated as critical. The affected element is the function hci_cmd_sync_queue. Performing manipulation results in memory leak. This vulnerability is identified as CVE-2023-53018. The attack can only be performed from the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability labeled as critical has been found in Linux Kernel up to 6.1.8. This impacts the function hci_update_adv_data. The manipulation results in memory leak. This vulnerability is cataloged as CVE-2023-53017. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in Linux Kernel up to 6.1.8. Affected is the function mdiobus_get_phy. This manipulation causes out-of-bounds read. This vulnerability is registered as CVE-2023-53019. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.15.90/6.1.8. The affected element is the function pt_core_execute_cmd. Executing manipulation can lead to denial of service. This vulnerability is registered as CVE-2023-53013. The attack requires access to the local network. No exploit is available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 6.1.8 and classified as critical. This vulnerability affects the function terminate_all. The manipulation results in memory leak. This vulnerability was named CVE-2023-53014. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.8. It has been classified as critical. This issue affects the function betopff_init. This manipulation causes null pointer dereference. The identification of this vulnerability is CVE-2023-53015. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 5.15.90/6.1.8. It has been declared as critical. Impacted is the function rfcomm_lock of the component Bluetooth. Such manipulation leads to improper update of reference count. This vulnerability is referenced as CVE-2023-53016. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability identified as problematic has been detected in Linux Kernel. Impacted is the function put_device of the component thermal. Performing manipulation results in privilege escalation. This vulnerability is cataloged as CVE-2023-53012. The attack must originate from the local network. There is no exploit available. To fix this issue, it is recommended to deploy a patch.

人工深度调试剖析 CVE-2025-55182 React4Shell 反序列化漏洞系列分析。