Aggregator

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.38/6.15.6. The affected element is the function alloc_tag_top_users. Executing manipulation can lead to improper initialization. This vulnerability is tracked as CVE-2025-38517. The attack is only possible within the local network. No exploit exists. You should upgrade the affected component.

这是曾思玉1957.7.23发表在《解放军报》上的文章

2025 年智能安全运营（ AI SOC） 市场格局 by ourren

BlackHat USA 2025 Slides by ourren

更多最新文章，请访问SecWiki

Google has awarded a record-breaking $250,000 bounty to security researcher “Micky” for discovering a critical remote code execution vulnerability in Chrome’s browser architecture.  The vulnerability allowed malicious websites to escape Chrome’s sandbox protection and execute arbitrary code on victim systems.  Key Takeaways1.Google paid researcher "Micky" a record amount for finding a critical Chrome vulnerability.2.The bug […]

The post Google Awards $250,000 Bounty for Chrome RCE Vulnerability Discovery appeared first on Cyber Security News.

克罗地亚将其数字游民签证有效期从一年延长至三年，允许非欧盟居民及其近亲在该国远程工作和生活。数字游民签证是一种短期签证，大部分国家的数字游民签证有效期是六个月到一年。克罗地亚更新了它的政策，允许最长三年，而且允许亲密的家庭成员加入，所谓亲密家庭成员指的是同居三年以上但无子女的伴侣，或同居短于三年有子女的伴侣。当地官员表示此举旨在吸引更多人才前来该国工作和生活。克罗地亚的生活成本较低，但仍需改善其网络基础设施。

A critical vulnerability in the Microsoft Web Deploy tool could allow authenticated attackers to execute remote code on affected systems.  The vulnerability, tracked as CVE-2025-53772, was disclosed on August 12, 2025, and carries a CVSS score of 8.8, indicating high severity. The flaw stems from the deserialization of untrusted data in Web Deploy, classified under […]

The post Microsoft IIS Web Deploy Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Skydweller готов сражаться за родину.

A vulnerability, which was classified as critical, has been found in Wachipi WP Events Calendar Plugin 1.0 on WordPress. This vulnerability affects unknown code of the file event.php. The manipulation of the argument event_id as part of Parameter leads to sql injection. This vulnerability was named CVE-2018-5315. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in SnapCreek Duplicator Plugin 1.2.32 on Windows. It has been rated as problematic. Affected is an unknown function of the file installer/build/view.step4.php. The manipulation of the argument json as part of Parameter leads to cross site scripting. This vulnerability is traded as CVE-2018-7543. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability described as critical has been identified in Contact Form 7 to Database Extension Plugin 2.10.32 on WordPress. This affects an unknown part of the file ExportToCsvUtf8.php. The manipulation as part of Spreadsheet leads to improper input validation. This vulnerability is uniquely identified as CVE-2018-9035. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Caldera Forms Plugin up to 1.5.x on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2018-7747. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WordPress Comments Import and Export up to 2.0.3 on WordPress. It has been rated as critical. Affected is an unknown function. The manipulation leads to injection. This vulnerability is traded as CVE-2018-11526. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Booking Calendar Plugin 8.4.3 on WordPress. This vulnerability affects unknown code. The manipulation of the argument booking_id as part of Parameter leads to sql injection. This vulnerability was named CVE-2018-20556. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in 99 Robots WP Background Takeover Advertisements Plugin up to 4.1.4 on WordPress. Affected by this vulnerability is an unknown functionality of the file exports/download.php. The manipulation of the argument filename with the input .. as part of Parameter leads to path traversal. This vulnerability is known as CVE-2018-9118. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The identification of this vulnerability is CVE-2025-8933. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability identified as problematic has been detected in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. This vulnerability is traded as CVE-2025-8934. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. This vulnerability is known as CVE-2025-8935. The attack can be launched remotely. Furthermore, there is an exploit available.

Creator, Author and Presenter: Erin Barry

Our deep appreciation to Security BSides - San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon - certainly a venue like no other; and via the organization's YouTube channel.

Additionally, the organization is welcoming volunteers for the BSidesSF Volunteer Force, as well as their Program Team & Operations roles. See their succinct BSidesSF 'Work With Us' page, in which, the appropriate information is to be had!

Permalink

The post BSidesSF 2025: Round And Around We Go: Interviews, What Do You Know? appeared first on Security Boulevard.

为了更好地培养学生掌握先进的数据挖掘与分析方法，锻炼学生敏锐的情报洞察力，为将来投身于开源情报领域的工作奠定坚实的基础。特举办“第三届全国大学生开源情报数据采集与分析大赛”。

以色列的情报机构。