【安全圈】豆包手机助手被曝可直接问出银行余额
关键词信息安全近期,豆包手机助手未来的手机方向,真的朝着“手机助手AI化”的方向发展了。
Aggregator
最新《网络数据安全风险评估办法(征求意见稿)》要求重要数据每年评估,一般数据每3年查1次!
3 weeks 5 days ago
国家互联网信息办公室关于《网络数据安全风险评估办法(征求意见稿)》公开征求意见的通知
Researchers Hack Google’s Gemini CLI Through Prompt Injections in GitHub Actions
3 weeks 5 days ago
A critical vulnerability class dubbed “PromptPwnd,” affects AI agents integrated into GitHub Actions and GitLab CI/CD pipelines. This flaw allows attackers to inject malicious prompts via untrusted user inputs like issue titles or pull request bodies, tricking AI models into executing privileged commands that leak secrets or alter workflows. At least five Fortune 500 companies […]
The post Researchers Hack Google’s Gemini CLI Through Prompt Injections in GitHub Actions appeared first on Cyber Security News.
Guru Baran
«Люди станут рыбами, ИИ — в 10 000 раз умнее» Глава SoftBank предсказал будущее искусственного суперинтеллекта — но остался оптимистом
3 weeks 5 days ago
Пока одни эксперты предупреждают о возможном вымирании человечества, Масайоши Сон уверяет, что мы просто займем место рыб в аквариуме суперразумных машин.
Rhysida
3 weeks 5 days ago
You must login to view this content
cohenido
Миллионы кубитов против одной молекулы. Мечты о квантовой революции разбиваются о суровую реальность физики
3 weeks 5 days ago
Ученые развенчали мифы о скором прорыве.
Deepseek大模型安全应用开发:从提示词、Agent到RAG的完整实现
3 weeks 5 days ago
漏洞分析、脚本生成… 大语言模型如何助力网络安全?这门课告诉你答案!
从ANGR-CTF项目入手ANGR和符号执行技术
3 weeks 5 days ago
看雪论坛作者ID:S_i_d
Фатальное комбо: истребитель F-35A получит ракету, от которой невозможно увернуться
3 weeks 5 days ago
Американский стелс и передовые технологии Европы объединились, чтобы переписать правила воздушного боя.
CVE-2025-12191 | PDF Catalog for WooCommerce Plugin up to 1.1.18 on WordPress cross site scripting
3 weeks 5 days ago
A vulnerability was found in PDF Catalog for WooCommerce Plugin up to 1.1.18 on WordPress. It has been classified as problematic. This affects an unknown function. Performing manipulation results in cross site scripting.
This vulnerability was named CVE-2025-12191. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-12128 | Hide Categories Or Products On Shop Page Plugin up to 1.0.7 on WordPress save_data_hcps cross-site request forgery
3 weeks 5 days ago
A vulnerability categorized as problematic has been discovered in Hide Categories Or Products On Shop Page Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is the function save_data_hcps. The manipulation results in cross-site request forgery.
This vulnerability is identified as CVE-2025-12128. The attack can be executed remotely. There is not any exploit available.
vuldb.com
CVE-2025-13360 | Quantic Social Image Hover Plugin up to 1.0.8 on WordPress Setting cross-site request forgery
3 weeks 5 days ago
A vulnerability identified as problematic has been detected in Quantic Social Image Hover Plugin up to 1.0.8 on WordPress. Affected by this issue is some unknown functionality of the component Setting Handler. This manipulation causes cross-site request forgery.
This vulnerability is tracked as CVE-2025-13360. The attack is possible to be carried out remotely. No exploit exists.
vuldb.com
CVE-2025-12190 | wps Image Optimizer Plugin up to 1.2.0 on WordPress imagopby_ajax_optimize_gallery cross-site request forgery
3 weeks 5 days ago
A vulnerability labeled as problematic has been found in wps Image Optimizer Plugin up to 1.2.0 on WordPress. This affects the function imagopby_ajax_optimize_gallery. Such manipulation leads to cross-site request forgery.
This vulnerability is listed as CVE-2025-12190. The attack may be performed from remote. There is no available exploit.
vuldb.com
CVE-2025-13512 | CoSign Single Signon Plugin up to 0.3.1 on WordPress $_SERVER['PHP_SELF'] cross site scripting
3 weeks 5 days ago
A vulnerability marked as problematic has been reported in CoSign Single Signon Plugin up to 0.3.1 on WordPress. This vulnerability affects unknown code. Performing manipulation of the argument $_SERVER['PHP_SELF'] results in cross site scripting.
This vulnerability is cataloged as CVE-2025-13512. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-12163 | Omnipress Plugin up to 1.6.3 on WordPress SVG File cross site scripting
3 weeks 5 days ago
A vulnerability described as problematic has been identified in Omnipress Plugin up to 1.6.3 on WordPress. This issue affects some unknown processing of the component SVG File Handler. Executing manipulation can lead to cross site scripting.
This vulnerability is registered as CVE-2025-12163. It is possible to launch the attack remotely. No exploit is available.
vuldb.com
CVE-2025-12165 | Webcake Plugin up to 1.1 on WordPress webcake_save_config authorization
3 weeks 5 days ago
A vulnerability classified as problematic was found in Webcake Plugin up to 1.1 on WordPress. The affected element is the function webcake_save_config. The manipulation results in missing authorization.
This vulnerability is reported as CVE-2025-12165. The attack can be launched remotely. No exploit exists.
vuldb.com
CVE-2025-12153 | Featured Image via URL Plugin up to 0.1 on WordPress unrestricted upload
3 weeks 5 days ago
A vulnerability, which was classified as critical, has been found in Featured Image via URL Plugin up to 0.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload.
This vulnerability is listed as CVE-2025-12153. The attack may be initiated remotely. There is no available exploit.
vuldb.com
CVE-2025-12181 | ContentStudio Plugin up to 1.3.7 on WordPress cstu_update_post unrestricted upload
3 weeks 5 days ago
A vulnerability has been found in ContentStudio Plugin up to 1.3.7 on WordPress and classified as critical. This affects the function cstu_update_post. This manipulation causes unrestricted upload.
This vulnerability is registered as CVE-2025-12181. Remote exploitation of the attack is possible. No exploit is available.
vuldb.com
CVE-2025-12370 | Takeads Plugin up to 1.0.13 on WordPress Setting authorization
3 weeks 5 days ago
A vulnerability was found in Takeads Plugin up to 1.0.13 on WordPress. It has been rated as problematic. The affected element is an unknown function of the component Setting Handler. The manipulation leads to missing authorization.
This vulnerability is traded as CVE-2025-12370. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-12133 | EPROLO Dropshipping Plugin up to 2.3.1 on WordPress AJAX Endpoint wp_ajax_eprolo_delete_tracking authorization
3 weeks 5 days ago
A vulnerability labeled as problematic has been found in EPROLO Dropshipping Plugin up to 2.3.1 on WordPress. This impacts the function wp_ajax_eprolo_delete_tracking of the component AJAX Endpoint. Such manipulation leads to missing authorization.
This vulnerability is uniquely identified as CVE-2025-12133. The attack can be launched remotely. No exploit exists.
vuldb.com