Aggregator

A vulnerability was found in Zyxel USG FLEX H uOS up to 1.20/1.31. It has been classified as critical. Affected is an unknown function of the component PostgreSQL Command Handler. The manipulation leads to incorrect permission assignment. This vulnerability is traded as CVE-2025-1731. It is possible to launch the attack on the local host. There is no exploit available.

A vulnerability was found in IBM Maximo Asset Management 7.6.1.3 and classified as critical. This issue affects some unknown processing. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2025-2987. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

For years, security teams have operated in reactive mode, contending with siloed tools, fragmented intelligence, and a never-ending backlog of alerts. Traditional Security Operations platforms were supposed to unify data and streamline response—but they often introduced their own complexity, requiring heavy customization and manual oversight. ‘Hyper automation’ delivered much of the same empty promises, leaving most security teams firefighting today’s incidents with limited bandwidth to proactively manage tomorrow’s risks. StrikeReady is introducing its next-generation Security Command … More →

The post StrikeReady Security Command Center v2 accelerates threat response appeared first on Help Net Security.

在上个月首次突破每盎司 3000 美元之后，黄金期货在时隔一个多月后突破了每盎司 3500 美元。这一波上涨的背景是美元的主导权地位正在动摇。在国际政治面临分裂的情况下，无处可去的资金正在集中于作为实物资产的黄金。引发最新涨势的是美国总统特朗普威胁解雇美联储主席 Jerome Hayden Powell，令外界担忧联储的独立性，市场情绪更加恐慌，带动国际金价不断飙升，达到每盎司 3,502.6 美元。自今年初以来，黄金价格已暴涨逾30%。

A vulnerability was found in IP-COM EW9 15.11.0.14. It has been rated as critical. Affected by this issue is the function cmd_get_ping_output. The manipulation leads to command injection. This vulnerability is handled as CVE-2022-45005. Access to the local network is required for this attack. There is no exploit available.

A vulnerability was found in Arcadyan VRV9506JAC23. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Administrative Dashboard. The manipulation leads to missing encryption of sensitive data. This vulnerability is handled as CVE-2020-9420. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Arcadyan VRV9506JAC23. Affected is an unknown function of the component Administrative Dashboard. The manipulation of the argument hostName/domain_name leads to cross site scripting. This vulnerability is traded as CVE-2020-9419. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in wasm3 7890a2097569fde845881e0b352d813573e371f9. Affected is the function op_CallIndirect of the file /m3_exec.h. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2022-44874. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 5.16-rc6. This issue affects the function ef100_update_stats of the file drivers/net/ethernet/sfc/ef100_nic.c. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2022-3106. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Binbloom 2.0. It has been declared as critical. Affected by this vulnerability is the function read_pointer of the file /binbloom-master/src/helpers.c. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2022-44910. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in oretnom23 Helmet Store Showroom 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation leads to sql injection. This vulnerability is handled as CVE-2022-46071. Access to the local network is required for this attack. There is no exploit available.

A vulnerability classified as critical has been found in oretnom23 Helmet Store Showroom 1.0. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2022-46072. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability classified as critical was found in oretnom23 Helmet Store Showroom Site 1.0. This vulnerability affects unknown code of the file /hss/?page=view_product. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2022-46117. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability has been found in oretnom23 Helmet Store Showroom 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2022-46073. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in oretnom23 Helmet Store Showroom 1.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2022-46074. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in D-Link DIR-823G 1.0.2B05. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument SOAPACTION leads to buffer overflow. The identification of this vulnerability is CVE-2024-27655. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05. Affected is an unknown function. The manipulation of the argument Cookie leads to buffer overflow. This vulnerability is traded as CVE-2024-27656. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05. Affected by this vulnerability is an unknown functionality. The manipulation of the argument User-Agent leads to buffer overflow. This vulnerability is known as CVE-2024-27657. The attack can be launched remotely. There is no exploit available.

Преступники до сих пор используют «дверь», которую Microsoft закрыла 5 лет назад.

Whisky 是 macOS 平台上的 Wine Windows 兼容工具前端，其开发者是 18 岁的大学生 Isaac Marovitz。他在官网上宣布了停止更新的声明，他解释说，自己在东北大学上学，需要平衡学业和开发工作。他建议 Whisky 用户改为购买 CodeWeavers 的付费产品 CrossOver，称 CrossOver 经常打折。他表示，CodeWeavers 和 Valve 在 Proton 上的工作对 Wine 项目产生了重大影响，而 Whisky 总体上对 Wine 的贡献几乎为零。他在开发过程中与 CodeWeavers 有过接触，对方从未告诉他应该做什么或不应该做什么，但通过接触他认为自己的免费开源工具可能会危及 CrossOver 的生存。对于 Isaac Marovitz 的观点，CodeWeavers CEO James B. Ramey 发表声明表示并不认同，但对其立场表示理解和同情。