Aggregator

官方已联系受影响用户

CVE выживает в подвешенном состоянии, как и вся кибербезопасность США.

A vulnerability classified as problematic has been found in Jelsoft vBulletin. This affects an unknown part of the file memberlist.php. The manipulation of the argument what leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2004-1824. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Microsoft Windows up to Server 2012. Affected is an unknown function of the component User Profile Service. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2015-0004. Local access is required to approach this attack. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

在一位心怀不满的开发者被驱逐创建分支另立门户 X11Libre 之后，X.Org Server 项目的 Git 库最近几天的活跃度大增，主要目的是回滚有问题的代码。部分回滚与 X11Libre 开发者在被驱逐前递交的代码有关，部分与不正确处理版权和许可通知有关，还有部分是新补丁导致功能破坏有关。

A vulnerability was found in HP Storage Data Protector 6.21. It has been classified as very critical. This affects an unknown part of the file OmniInet.exe. The manipulation leads to improper privilege management. This vulnerability is uniquely identified as CVE-2013-2347. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Canadian airline WestJet is investigating a cyber-attack that struck on June 13

致力于第一时间为企业级用户提供权威的漏洞情报和有效的解决方案。

A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. This vulnerability is handled as CVE-2025-6109. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Кто-то возит наличку в банк, а кто-то прямо в подполье — по маршруту без возврата.

A vulnerability classified as problematic was found in Wordpress Pay-with-tweet 1.1. This vulnerability affects unknown code of the file pay.php. The manipulation of the argument dl leads to cross site scripting. This vulnerability was named CVE-2012-5349. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Июньский дайджест трендовых уязвимостей.

Name: smileyCTF 2025 (an smileyCTF event.)
Date: June 14, 2025, midnight — 16 June 2025, 00:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://play.ctf.gg/
Rating weight: 48.61
Event organizers: .;,;.

Name: CyberSci Nationals 2025 (an CyberSci event.)
Date: June 14, 2025, 1 p.m. — 15 June 2025, 23:00 UTC  [add to calendar]
Format: Jeopardy
On-site
Location: Ottawa, Canada
Offical URL: https://cybersecuritychallenge.ca/
Rating weight: 0
Event organizers: 0xD13A

约98%的首席信息安全官（CISO）在根据威胁情报采取行动时遇到了重大障碍。

A vulnerability, which was classified as critical, has been found in WordPress Pay-with-tweet 1.1. This issue affects some unknown processing. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2012-5350. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Reddit и TikTok уже в поле зрения «спецопераций».

A vulnerability, which was classified as critical, was found in Xmlsoft libxml2. This affects an unknown part of the component xmllint. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-6170. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Hamastar WIMP up to 5.3.1.34642. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. This vulnerability is handled as CVE-2025-6169. The attack may be launched remotely. There is no exploit available.