Aggregator

ASUS has disclosed a critical security flaw impacting routers with AiCloud enabled that could permit remote attackers to perform unauthorized execution of functions on susceptible devices. The vulnerability, tracked as CVE-2025-2492, has a CVSS score of 9.2 out of a maximum of 10.0. "An improper authentication control vulnerability exists in certain ASUS router firmware series,"

A vulnerability was found in wpdevteam Essential Addons for Elementor Plugin up to 5.9.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Filterable Gallery Widget. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-1171. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in wpdevteam Essential Addons for Elementor Plugin up to 5.9.8 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Accordion Widget. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-1172. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in wpdevteam Essential Addons for Elementor Plugin up to 5.9.8 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-1236. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Ylianst MeshCentral up to 1.1.20 and classified as problematic. This issue affects some unknown processing of the file control.ashx of the component CSWSH. The manipulation leads to origin validation error. The identification of this vulnerability is CVE-2024-26135. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in wpdevteam Essential Addons for Elementor Plugin up to 5.9.8 on WordPress. Affected by this issue is some unknown functionality of the component Content Ticker. The manipulation of the argument arrow leads to cross site scripting. This vulnerability is handled as CVE-2024-1276. The attack may be launched remotely. There is no exploit available.

聊聊安全创业的心得、踩过的坑和关键决策及思考

聊聊安全创业的心得、踩过的坑和关键决策及思考

特朗普要开除美联储主席鲍威尔，这可是动摇国本的大事。自 1913 年美联储成立以来，还从未有过美联储主席被罢免的先例。

特朗普要开除美联储主席鲍威尔，这可是动摇国本的大事。自 1913 年美联储成立以来，还从未有过美联储主席被罢免的先例。

01.NET内网安全攻防报刊小报童电子报刊【.NET内网安全攻防】也正式上线了，引入小报童也是为了弥补知识星球

Один рухнул на старте, другой врезался в забор, третий победил — роботозабег, как он есть.

Физики открыли способ концентрировать энергию в самых малых масштабах.

A vulnerability classified as critical has been found in SourceCodester Phone Management System 1.0. This affects the function main of the component Password Handler. The manipulation of the argument s leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-3763. Local access is required to approach this attack. Furthermore, there is an exploit available.

A vulnerability was found in DaiCuo 1.3.13. It has been rated as problematic. Affected by this issue is some unknown functionality of the component SEO Optimization Settings Section. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-3795. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Sun One Application Server 7.0 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Error Message Handler. The manipulation leads to basic cross site scripting. This vulnerability is known as CVE-2003-0413. The attack can be launched remotely. Furthermore, there is an exploit available.