Aggregator

A vulnerability was found in Node.js and classified as critical. This issue affects some unknown processing of the component Uint8Array Handler. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2023-39332. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Node.js up to 20.11.0/21.6.0. This affects an unknown part of the file Node.js of the component Experimental Permission Model. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2024-21890. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in Node.js up to 20.11.0/21.6.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Experimental Permission Model. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-21891. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in Node.js. It has been classified as problematic. This affects the function privateDecrypt of the component Crypto Library. The manipulation leads to observable timing discrepancy. This vulnerability is uniquely identified as CVE-2023-46809. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Node.js. This issue affects some unknown processing of the component HTTP Request Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-22019. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Node.js up to 20.11.0. It has been classified as problematic. Affected is the function setuid of the component io_uring Handler. The manipulation leads to privilege dropping / lowering errors. This vulnerability is traded as CVE-2024-22017. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Node.js up to 18.19.0/20.11.0/21.6.1 and classified as critical. Affected by this vulnerability is the function fetch of the component Brotli Handler. The manipulation leads to resource consumption. This vulnerability is known as CVE-2024-22025. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Node.js up to 18.19.0/20.11.0/21.6.1. This vulnerability affects unknown code. The manipulation leads to code injection. This vulnerability was named CVE-2024-21892. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Node.js. Affected by this issue is some unknown functionality of the component CONTINUATION Frame Handler. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2024-27983. The attack may be launched remotely. There is no exploit available.

XELERA勒索软件伪装成虚假的FCEI职位信息，通过恶意Word文档攻击求职者，最终部署勒索软件，窃取数据并破坏系统，威胁严重。

A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. This vulnerability is traded as CVE-2024-13209. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

新闻速览 •国家网络安全通报中心：重点防范10个境外恶意网址和恶意IP •EFF牵头起诉，阻止马斯克DOGE访 […]

Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas

Оказывается, мы многого не знали о формировании тригидрогена в космосе.

The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy. "RansomHub has targeted over 600 organizations globally, spanning sectors

用 Rust 开发的文本编辑器项目 Zed 宣布引入编辑预测功能。该功能是基于开源大模型 Zeta，而 Zeta 是基于阿里巴巴的模型 Qwen2.5-Coder-7B。Zeta 是一个开源模型，包括开源数据集，开发者欢迎通过向数据集贡献数据帮助改进 Zeta。通过编辑预测，Zed 能预测使用者的下一次编辑，用户只需按 Tab 键即可应用。一旦接受预测，使用者可以通过反复按 Tab 键执行多个后续编辑，节省时间和按键次数。编辑预测目前可以免费测试，但开发者警告不会永远免费。

已修复

速修复