Aggregator

CVE-2025-6625 | Schneider Electric Modicon M340 FTP denial of service (SEVD-2025-224-05)

VulDB Recent Entries
8 months 4 weeks ago
A vulnerability has been found in Schneider Electric Modicon M340, BMXNOR0200H Ethernet, Serial RTU Module, BMXNGD0100 M580 Global Data Module, BMXNOC0401 Modicon M340 X80 Ethernet Communication Module, BMXNOE0100 Modbus, TCP Ethernet Modicon M340 Module, BMXNOE0110 Modbus and TCP Ethernet Modicon M340 FactoryCast Module and classified as problematic. Impacted is an unknown function of the component FTP Handler. The manipulation leads to denial of service. This vulnerability is referenced as CVE-2025-6625. Remote exploitation of the attack is possible. No exploit is available. To fix this issue, it is recommended to deploy a patch.
vuldb.com

Microsoft Store 应用将强制性自动更新

Solidot
8 months 4 weeks ago
微软 Microsoft Store 应用商店的最新更新修改了设置,用户无法再禁用自动更新。用户可以暂停更新一到五周,之后应用会再次执行自动更新。禁用 Microsoft Store 自动更新变成了历史。微软可能是出于安全原因确保应用商店里的应用保持为最新版本。

Hundreds of TeslaMate Installations Leaking Sensitive Vehicle Data in Real Time

Cyber Security News
8 months 4 weeks ago

A cybersecurity researcher has discovered that hundreds of publicly accessible TeslaMate installations are exposing sensitive Tesla vehicle data without authentication, revealing GPS coordinates, charging patterns, and personal driving habits to anyone on the internet.  The vulnerability stems from misconfigured deployments of the popular open-source Tesla data logging tool, which connects to Tesla’s official API to […]

The post Hundreds of TeslaMate Installations Leaking Sensitive Vehicle Data in Real Time appeared first on Cyber Security News.

Florence Nightingale

Xerox fixed path traversal and XXE bugs in FreeFlow Core

Security Affairs
8 months 4 weeks ago
Xerox patched two serious flaws in FreeFlow Core, path traversal and XXE injection, that allowed unauthenticated remote code execution. Xerox addressed two serious flaws, respectively tracked as CVE-2025-8355 and CVE-2025-8356, in FreeFlow Core. The vulnerabilities are a path traversal (CVE-2025-8355) and XXE injection (CVE-2025-8356), which allowed an unauthenticated attacker to achieve remote code execution. FreeFlow […]
Pierluigi Paganini

学习检测大型视觉语言模型中的未知越狱攻击:一种统一且准确的方法

Seebug Paper
8 months 4 weeks ago
作者:Shuang Liang, Zhihao Xu, Jialing Tao, Hui Xue, Xiting Wang 译者:知道创宇404实验室翻译组 原文链接:https://arxiv.org/html/2508.09201v1 摘要 尽管进行了大量的对齐工作,大型视觉语言模型(LVLMs)仍然容易受到越狱攻击,存在严重的安全隐患。尽管最近的检测工作转向了内部表示,因为它们包含丰富...

Beast

Dark Feed IO
8 months 4 weeks ago

You must login to view this content

cohenido

Beast

Dark Feed IO
8 months 4 weeks ago

You must login to view this content

cohenido

Beast

Dark Feed IO
8 months 4 weeks ago

You must login to view this content

cohenido

Meta 的 AI 规则允许聊天机器人与儿童调情

Solidot
8 months 4 weeks ago
根据 Meta Platforms 的一份内部文件,该公司的 AI 规则允许聊天机器人与儿童调情,生成虚假医疗信息,帮助用户辩论黑人比白人笨。这份标题为《GenAI: Content Risk Standards》的文件讨论了该公司 AI 聊天机器人的行为指南。Meta 确认了该文件的真实性,但表示已经删除了相关内容。Meta 发言人 Andy Stone 称,该公司正在修改该文件,称与儿童进行调情式的对话是绝对不应允许的。

Windows 11 24H2 Security Update Causes SSD/HDD Failures and Potential Data Corruption

Cyber Security News
8 months 4 weeks ago

A significant security update rolled out by Microsoft with the Windows 11 24H2 (KB5063878) release is causing widespread issues for users, with reports surfacing that the update can render SSDs and HDDs inaccessible and may potentially corrupt user data. Last week’s Patch Tuesday (August 2025) saw Microsoft release several critical security updates for Windows 10 […]

The post Windows 11 24H2 Security Update Causes SSD/HDD Failures and Potential Data Corruption appeared first on Cyber Security News.

Guru Baran

Managed ad