Aggregator
US exempts smartphones and other products from tariffs
9 months 4 weeks ago
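U.S. Customs and Border Protection (CBP) issued a notice on Friday evening announcing that 20 product categories, including smartphones, computer monitors, solar cells, hard drives and memory cards, will not be subject to the new 125% import tariff. The exemption is retroactive to April 5, 2025. Apple is expected to be the biggest beneficiary of the tariff exemption; earlier this year it pledged to invest 500 billion US dollars in the United States over the next few years. Wedbush Securities estimates that about 90% of Apple's iPhone production and assembly takes place in China. Counterpoint Research estimates that Apple holds at most six weeks of inventory in the United States. Once that inventory is exhausted, iPhone prices could rise if the 145% tariff is imposed.
Passwords, authentication, CAPTCHA, all in vain: Tycoon2FA takes phishing to a new level of horror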
9 months 4 weeks ago
The platform's creators deftly turn familiar technologies against us.
CVE-2024-27968 | Optimole Super Page Cache for Cloudflare Plugin up to 4.7.5 on WordPress cross-site request forgery
9 months 4 weeks ago
A vulnerability was found in Optimole Super Page Cache for Cloudflare Plugin up to 4.7.5 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is known as CVE-2024-27968. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-29374 | Moodle 3.10.9 URL Parameter lang cross site scripting
9 months 4 weeks ago
A vulnerability was found in Moodle 3.10.9. It has been rated as problematic. This issue affects some unknown processing of the component URL Parameter Handler. The manipulation of the argument lang leads to cross site scripting.
The identification of this vulnerability is CVE-2024-29374. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-2504 | Page Builder Plugin up to 1.8.4 on WordPress Custom Attributes cross site scripting
9 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Page Builder Plugin up to 1.8.4 on WordPress. Affected by this issue is some unknown functionality of the component Custom Attributes Handler. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-2504. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-1948 | Getwid Plugin up to 2.0.5 on WordPress Block Content cross site scripting (ID 3055393)
9 months 4 weeks ago
A vulnerability was found in Getwid Plugin up to 2.0.5 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Block Content Handler. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-1948. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-2305 | Cards for Beaver Builder Plugin up to 1.1.2 on WordPress Bootstrapcard Link cross site scripting
9 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in Cards for Beaver Builder Plugin up to 1.1.2 on WordPress. This affects an unknown part of the component Bootstrapcard Link Handler. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-2305. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-1412 | Memberpress Plugin up to 1.11.26 on WordPress Error cross site scripting
9 months 4 weeks ago
A vulnerability has been found in Memberpress Plugin up to 1.11.26 on WordPress and classified as problematic. This vulnerability affects unknown code of the component Error Handler. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-1412. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-1727 | gradio up to 4.19.1 cross-site request forgery
9 months 4 weeks ago
A vulnerability was found in gradio up to 4.19.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery.
This vulnerability is known as CVE-2024-1727. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-2816 | Tenda AC15 15.03.05.18 /goform/SysToolReboot fromSysToolReboot cross-site request forgery
9 months 4 weeks ago
A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery.
This vulnerability is known as CVE-2024-2816. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-2817 | Tenda AC15 15.03.05.18 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery
9 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery.
This vulnerability is handled as CVE-2024-2817. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-29271 | VvvebJs up to 1.7.6 save.php action cross site scripting (Issue 342)
9 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in VvvebJs up to 1.7.6. This issue affects some unknown processing of the file save.php. The manipulation of the argument action leads to cross site scripting.
The identification of this vulnerability is CVE-2024-29271. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-26557 | Codiad 2.8.4 dialog.php Type cross site scripting (Issue 18)
9 months 4 weeks ago
A vulnerability, which was classified as problematic, has been found in Codiad 2.8.4. Affected by this issue is some unknown functionality of the file components/market/dialog.php. The manipulation of the argument Type leads to cross site scripting.
This vulnerability is handled as CVE-2024-26557. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-29273 | dzzoffice 2.02.1 SVG Document index.php cross site scripting (Issue 244)
9 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in dzzoffice 2.02.1. This affects an unknown part of the file index.php of the component SVG Document Handler. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-29273. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-25807 | Lychee 3.1.6 Album Title cross site scripting (Issue 17)
9 months 4 weeks ago
A vulnerability has been found in Lychee 3.1.6 and classified as problematic. This vulnerability affects unknown code of the component Album Handler. The manipulation of the argument Title leads to cross site scripting.
This vulnerability was named CVE-2024-25807. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-25808 | Lychee 3.1.6 Create New Album cross-site request forgery (Issue 17)
9 months 4 weeks ago
A vulnerability, which was classified as problematic, was found in Lychee 3.1.6. Affected is an unknown function of the component Create New Album Handler. The manipulation leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-25808. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
Analysis of a Qt antivirus-evasion sample
9 months 4 weeks ago
The Qt sample uses PoolParty plus a scheduled task to break the process chain and hide its real intent
CVE-2025-3423 | IBM Aspera Faspex up to 5.0.11 Web UI cross site scripting
9 months 4 weeks ago
A vulnerability was found in IBM Aspera Faspex up to 5.0.11. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web UI. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2025-3423. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-3546 | H3C Magic BE18000 up to V100R014 HTTP POST Request /api/wizard/getLanguage FCGI_CheckStringIfContainsSemicolon command injection
9 months 4 weeks ago
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection.
This vulnerability is known as CVE-2025-3546. The attack can only be done within the local network. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com