Aggregator

A vulnerability, which was classified as critical, was found in LyLme Spage 2.1. This affects an unknown part of the file lylme_spage/blob/master/admin/ajax_link.php. The manipulation of the argument sort leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4543. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #567290 / VDB-308289

NASA 发布三则最新声音化作品，将哈勃太空望远镜（Hubble）、詹姆斯・韦伯太空望远镜（James Webb）、钱德拉 X 射线天文台（Chandra）、X 光偏振成像卫星（IXPE）等太空望远镜所搜集的观测资料，转译为音乐形式，带领听众用耳朵探索宇宙中最极端的天体：黑洞。这三段声音化作品分别呈现黑洞形成前的恒星状态、黑洞与伴星的动态交互作用，以及黑洞巨大能量喷流的壮观景象。

A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is handled as CVE-2025-4542. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in run-llama llama_index up to 0.3.5. Affected by this vulnerability is the function get_article_urls of the component KnowledgeBaseWebReader. The manipulation of the argument max_depth leads to resource consumption. This vulnerability is known as CVE-2025-1752. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. The manipulation of the argument sortid leads to sql injection. This vulnerability is traded as CVE-2025-4541. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #567214 / VDB-308288

Introduction In the world of identity and access management (IAM), two protocols often come up during system design or vendor selection: SAML 2.0 and OAuth 2.0. While both serve to secure access, they solve fundamentally different problems and are optimized for different environments. Yet many developers confuse the two — or worse, implement one where...

The post SAML vs OAuth 2.0 – What’s the Difference? A Practical Guide for Developers appeared first on Security Boulevard.

Submit #567191 / VDB-308286

美国咖啡店正采取措施限制客户长时间占据座位，将咖啡店当作远程办公场所使用的行为。纽约 Devocion 连锁店将 WiFi 开放限制在工作日两小时时段，周末则完全关闭。底特律 Alba 咖啡店自 2023年 开业以来一直没有提供 WiFi。部分咖啡店甚至用胶带封住了电源插座。华盛顿 DC 咖啡馆 Elle 一开始没有提供 WiFi，因网上的差评而改为 WiFi 开放时间限制在周一至周四上午 8 点至下午 3 点，使用时间上限为 90 分钟。当然也有咖啡店认识到部分客户有远程办公的需求。它们特地为远程办公的客户提供了单独的房间，按小时收费，如果额外消费的话可获得积分。

根据杜克大学研究人员在 PNAS 期刊上发表的一项研究，使用 AI 是一把双刃剑——生成式 AI 可能会提高部分人的生产力，但也可能会损害他们的职业声誉。研究发现，在工作中使用 ChatGPT、Claude 和 Gemini 等 AI 工具的员工会面临同事和上司对其能力和积极性的负面评价。研究团队对逾 4400 名参与者展开了四项实验，调查对使用 AI 工具的用户的预期和实际评价。研究揭示了人们对使用 AI 帮助完成工作的人存在一致的偏见。针对 AI 用户的社会污名并不局限于特定人群。

A North Korea-linked attack group, known as WaterPlum (also referred to as Famous Chollima or PurpleBravo), has been actively targeting financial institutions, cryptocurrency operators, and FinTech companies globally. Since 2023, their infamous Contagious Interview campaign has utilized malware such as BeaverTail and InvisibleFerret to infiltrate systems. However, in September 2024, WaterPlum introduced a sophisticated new […]

The post North Korea’s OtterCookie Malware Added a New Feature to Attack Windows, Linux, and macOS appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Почти каждая монета — ловушка, почти каждый пул — обман.

A vulnerability was found in MTSoftware C-Lodop 6.6.1.1. It has been rated as critical. This issue affects some unknown processing of the component CLodopPrintService. The manipulation leads to unquoted search path. The identification of this vulnerability is CVE-2025-4540. The attack needs to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. This vulnerability was named CVE-2025-4539. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #566789 / VDB-308285

A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-4538. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #566698 / VDB-308284

От репликации ДНК до новых материалов — потенциал огромен.

Submit #567142 / VDB-308283