Aggregator

本文根据笔者对医疗器械安全的检测经验，分享关于FDA对医疗器械安全的相关技术要求，以及笔者的测评思路和方法。

近日，绿盟科技CERT监测到PostgreSQL发布安全公告，修复了PostgreSQL SQL注入漏洞（CVE-2025-1094），CVSS评分8.1。目前漏洞细节与PoC已公开，且发现在野利用，请相关用户尽快采取措施进行防护。

近日，绿盟科技CERT监测到PostgreSQL发布安全公告，修复了PostgreSQL SQL注入漏洞（CVE-2025-1094），CVSS评分8.1。目前漏洞细节与PoC已公开，且发现在野利用，请相关用户尽快采取措施进行防护。

A vulnerability, which was classified as problematic, was found in mrlegend1235 Typed JS Plugin up to 1.2.0 on WordPress. This affects an unknown part. The manipulation of the argument typespeed leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-1328. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in torviswesley Legoeso PDF Manager Plugin up to 1.2.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument checkedVals leads to sql injection. This vulnerability is handled as CVE-2025-0866. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in enituretechnology LTL Freight Quotes Plugin up to 2.3.12 on WordPress. Affected by this vulnerability is the function engtz_wd_save_dropship of the component AJAX Endpoint. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-1483. The attack can be launched remotely. There is no exploit available.

近年来，网络赌博及其衍生的违法犯罪活动呈现出高发态势。在网络赌博中，由于不存在实际的物理场所，参赌人员与庄家没有实体接触，赌博集团便能更轻易地通过人为操作来修改胜负条件或胜率，进而骗取赌客钱财。

新技术的运用必须在法律的框架下进行，不能以侵犯他人权益，破坏社会环境、扰乱社会秩序为代价。

一图读懂国家标准 GB/T 30278-2024《网络安全技术 政务计算机终端核心配置规范》

不久前，国家发展改革委、国家数据局会同有关部门联合印发《关于完善数据流通安全治理 更好促进数据要素市场化价值化的实施方案》，要求推动数据高质量发展和高水平安全良性互动，充分释放数据价值，促进数据开发利用。

AI开始与人类畅谈、回答人类的一切问题、帮助人类做决策、给予人类情感陪护……人工智能正在成为人类的“外接大脑”与“机器义肢”，在工作与生活的各个场景与人类深度链接。

个人信息保护合规审计是指对个人信息处理者的个人信息处理活动是否符合法律、行政法规的规定进行审查和评价的监督活动。《个人信息保护合规审计管理办法》则进一步细化了审计的具体实施规则，标志着我国个人信息保护监管体系进一步完善。

《人工智能安全治理框架》1.0 版标志着我国在人工智能安全治理领域迈出了坚实的一步。《框架》的发布不仅是对《全球人工智能治理倡议》的具体落实，也是推动全球人工智能安全治理合作的重要一步。

A vulnerability classified as problematic has been found in webcodingplace Ultimate Classified Listings Plugin up to 1.4 on WordPress. Affected is the function update_profile. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-13753. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in vanderwijk Content Blocks Plugin up to 3.3.5 on WordPress. It has been rated as problematic. This issue affects the function Content of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-6432. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in kwestion505 Bandsintown Events Plugin up to 1.3.1 on WordPress. It has been classified as problematic. This affects the function bandsintown_events of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13802. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in dcurasi Cookie Notice Bar Plugin up to 1.3.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-13849. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in webcodingplace Ultimate Classified Listings Plugin up to 1.4 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Title leads to cross site scripting. This vulnerability is handled as CVE-2024-13748. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in codemenschen Gift Cards Plugin up to 4.4.6 on WordPress and classified as problematic. Affected by this vulnerability is the function update_voucher_price/update_voucher_date/update_voucher_note. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-13520. The attack can be launched remotely. There is no exploit available.