Aggregator
CVE-2025-49763 | Apache Traffic Server up to 9.2.10/10.0.5 ESI Plugin memory allocation
8 months 1 week ago
A vulnerability was found in Apache Traffic Server up to 9.2.10/10.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component ESI Plugin. The manipulation leads to uncontrolled memory allocation.
This vulnerability is known as CVE-2025-49763. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-31698 | Apache Traffic Server up to 9.2.10/10.0.5 Proxy Protocol access control
8 months 1 week ago
A vulnerability was found in Apache Traffic Server up to 9.2.10/10.0.5. It has been classified as critical. Affected is an unknown function of the component Proxy Protocol Handler. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2025-31698. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Where did the atoms from the stellar textbooks go? Spoiler: they were nearby all along
8 months 1 week ago
Where was it all? In the places a telescope cannot reach.
CVE-2025-6019 | libblockdev udisks Local Privilege Escalation
8 months 1 week ago
A vulnerability was found in libblockdev and classified as critical. This issue affects some unknown processing of the component udisks. The manipulation leads to Local Privilege Escalation.
The identification of this vulnerability is CVE-2025-6019. Local access is required to approach this attack. There is no exploit available.
vuldb.com
CVE-2025-5237 | Target Video Easy Publish Plugin up to 3.8.5 on WordPress width cross site scripting
8 months 1 week ago
A vulnerability has been found in Target Video Easy Publish Plugin up to 3.8.5 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument width leads to cross site scripting.
This vulnerability was named CVE-2025-5237. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-1562 | FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation Plugin Plugin Installation install_or_activate_addon_plugins authorization
8 months 1 week ago
A vulnerability, which was classified as problematic, was found in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation Plugin up to 3.5.3 on WordPress. This affects the function install_or_activate_addon_plugins of the component Plugin Installation Handler. The manipulation leads to missing authorization.
This vulnerability is uniquely identified as CVE-2025-1562. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-6220 | Ultra Addons for Contact Form 7 Plugin up to 3.5.12 on WordPress save_options unrestricted upload
8 months 1 week ago
A vulnerability, which was classified as critical, has been found in Ultra Addons for Contact Form 7 Plugin up to 3.5.12 on WordPress. Affected by this issue is the function save_options. The manipulation leads to unrestricted upload.
This vulnerability is handled as CVE-2025-6220. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-28988 | SolarWinds Web Help Desk up to 12.8.3 Hotfix 2 AjaxProxy deserialization
8 months 1 week ago
A vulnerability classified as very critical was found in SolarWinds Web Help Desk up to 12.8.3 Hotfix 2. Affected by this vulnerability is an unknown functionality of the component AjaxProxy. The manipulation leads to deserialization.
This vulnerability is known as CVE-2024-28988. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Why does China embrace open source?
8 months 1 week ago
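The digital economy is built on open source. Most websites run on the open-source Apache and Nginx, most servers run the open-source Linux system, the most popular mobile system, Android, is also based on Linux, and Kubernetes, used to manage cloud computing workloads, is open source as well. The open-source movement began to draw attention in China in the mid-2010s. Lin Lüqiang (Richard), co-founder of Kaiyuanshe, recalls that the early adopters of open source were mainly developers who wanted to use free software; once they realized that contributing code to open-source projects helped improve their job prospects, they began to embrace the open-source movement. Large enterprises followed close behind. Embracing open source is seen as a way to reduce dependence on Western technology. Open source gives technology companies a shortcut through existing code, letting them build their own programs with the help of a large developer community. In 2019 Huawei was banned by the United States from using Android; in 2020 Huawei launched the open-source project OpenHarmony, and Huawei also joined Alibaba, Baidu, Tencent and others in founding the OpenAtom Foundation, which is dedicated to open-source development. China has become not only an important contributor to open-source projects but also an early adopter of open-source software. JD.com was among the first companies to deploy Kubernetes. The recent surge of interest in AI has pushed China's open-source movement further, with both companies and the government viewing open-source large models as the fastest way to narrow the gap with the United States. DeepSeek open-sourced its large model, Alibaba open-sourced Qwen, and Baidu is also preparing to open-source its Wenxin large model.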
CVE-2025-6086 | CSV Me Plugin up to 2.0 on WordPress csv_me_options_page unrestricted upload
8 months 1 week ago
A vulnerability classified as critical has been found in CSV Me Plugin up to 2.0 on WordPress. Affected is the function csv_me_options_page. The manipulation leads to unrestricted upload.
This vulnerability is traded as CVE-2025-6086. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
A rule-based tool for encryption, decryption and signature bypass
8 months 1 week ago
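CloudX: the ultimate encryption and decryption solution for Burp Suite
The author has long explored the best way to handle encryption, anti-replay, signing and similar problems in penetration testing, and has now released CloudX, built on a highly flexible rule-driven mechanism. The tool has an advanced design and a small footprint (under 3000 lines of code), and offers strong extensibility and transparency.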
JQCTF2025 Customize Virtual Machine reproduction
8 months 1 week ago
LitCTF2025 re writeup && reproduction
8 months 1 week ago
China taught AI to spy, and now fears it will go too far
8 months 1 week ago
The PLA uses AI that "hallucinates".
A step-by-step, in-depth analysis of the Fastjson JDBC call chain exploitation process
8 months 1 week ago
LitCTF2025 on-campus track writeup
8 months 1 week ago
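Misc. Cropping: first repair the pseudo-encryption, have AI write a script (exp), then scan the QR code to get the flag. 灵感菇🍄哩菇哩菇哩哇擦灵感菇灵感菇🍄: open the environment and get the 灵感菇; view the source and find a project; visiting it gives the usage; download the main.py script and use it directly; it fails because of an illegal character; delete the first mushroom and run it again to get the flag. Flight in the Pixels: first look at the attachment, China Southern Airlines; look up the time and place of the Great Wall Cup offline event; only China Southern's wing looks like this; the Henan airport website surprisingly lists only one flight. It may be real-time. Look at the flight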
CVE-2025-4955 | WP-FeedStats tarteaucitron.io Plugin up to 1.9.4 on WordPress Query Parameter cross site scripting
8 months 1 week ago
A vulnerability was found in WP-FeedStats tarteaucitron.io Plugin up to 1.9.4 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Query Parameter Handler. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2025-4955. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Today the internet, tomorrow the lights? Iran goes offline
8 months 1 week ago
How Iran is fighting Israel inside smartphones.
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents
8 months 1 week ago
A former U.S. Central Intelligence Agency (CIA) analyst has been sentenced to little more than three years in prison for unlawfully retaining and transmitting top secret National Defense Information (NDI) to people who were not entitled to receive them and for attempting to cover up the malicious activity.
Asif William Rahman, 34, of Vienna, has been sentenced today to 37 months on charges of
The Hacker News