Aggregator

正文昨天在开bp测试的时候,突然看到一个令人吃惊的消息:GitHub 疑似屏蔽了所有中国 IP 的访问。

Meta announced today that it will soon start training its artificial intelligence models using content shared by European adult users on its Facebook and Instagram social media platforms. [...]

In this blog, we'll explore the main reasons why security teams fall behind, what you can do to fix it, and how to build a culture of continuous learning.

A vulnerability has been found in Linux Kernel up to 6.1.131/6.6.84/6.12.20/6.13.8 and classified as critical. Affected by this vulnerability is the function radeon_vce_cs_parse. The manipulation leads to uninitialized pointer. This vulnerability is known as CVE-2025-21996. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.131/6.6.84/6.12.20/6.13.8. It has been declared as problematic. This vulnerability affects the function xp_create_and_assign_umem. The manipulation of the argument chunk_size leads to integer overflow. This vulnerability was named CVE-2025-21997. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. It has been classified as problematic. Affected is the function load_microcode_amd. The manipulation leads to improper validation of array index. This vulnerability is traded as CVE-2025-21991. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.131/6.6.83/6.12.19/6.13.7. This vulnerability affects the function ibft_attr_show_nic of the file /sys/firmware/ibft/ethernetX/subnet-mask of the component iSCSI boot. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-21993. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Windows 11 24H2 用户在安装最新安全更新之后可能会对设备上出现一个神秘的空文件夹 inetpub 而感到困惑，鉴于它是空文件夹，一部分人可能觉得删除它不会发生什么大事。微软发表声明，警告不要删除，称该文件夹是修复 Windows Process Activation 提权漏洞 CVE-2025-21204 的一部分，IT 管理员和用户不要对此采取任何行动。如果你已经删除了怎么办？微软提供了修复方法：控制面板 > 程序 > 程序和功能 > 启用或关闭 Windows 功能，点击之后寻找到 Internet Information Services 然后勾选框，点击确定按钮，inetpub 文件夹将会重新创建。

A vulnerability was found in Shiba-Design Nukecalendar 1.1.a. It has been rated as problematic. This issue affects some unknown processing of the file modules.php of the component Error Message Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2004-1912. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak up to 21.0.7.20/23.0.20 and classified as critical. This issue affects some unknown processing. The manipulation leads to session expiration. The identification of this vulnerability is CVE-2024-49825. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in GNOME libsoup and classified as problematic. This vulnerability affects the function soup_multipart_new_from_message. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-32914. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Mattermost up to 9.11.9/10.4.3/10.5.1. This affects an unknown part of the component Bot Handler. The manipulation leads to incorrect implementation of authentication algorithm. This vulnerability is uniquely identified as CVE-2025-2475. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Mattermost up to 9.11.9/10.5.1. Affected by this issue is some unknown functionality of the component Bookmark Handler. The manipulation leads to incorrect authorization. This vulnerability is handled as CVE-2025-2424. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.