Aggregator

A vulnerability, which was classified as critical, was found in UNA CMS up to 14.0.0-RC4. Affected is the function BxBaseMenuSetAclLevel::getCode of the file BxBaseMenuSetAclLevel.php of the component POST Parameter Handler. The manipulation of the argument profile_id leads to code injection. This vulnerability is traded as CVE-2025-32101. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in wphocus My Auctions Allegro Plugin up to 3.6.20 on WordPress. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-27009. The attack may be initiated remotely. There is no exploit available.

Targeted changes to content and structure respond to stakeholder needs and make the document easier to use.

Microsoft has released emergency Windows updates to address a known issue affecting local audit logon policies in Active Directory Group Policy. [...]

A vulnerability has been found in Fujifilm DocuPrint P450 d, DocuPrint P450 JM, DocuPrint P450 ps, DocuPrint P455 d, DocuPrint M455 df, DocuPrint C2255, DocuPrint C2450, DocuPrint C2450 II, DocuPrint C3200A, DocuPrint C3350, DocuPrint C3360, DocuPrint C3450 d, DocuPrint C3450 d II, DocuPrint 4050, DocuPrint 4060, DocuPrint 5060, DocuCentre-IV C2260, DocuCentre-IV C2270, DocuCentre-IV C3370, DocuCentre-IV C4470, DocuCentre-IV C5570, ApeosPort-IV C2270, ApeosPort-IV C3370, ApeosPort-IV C4470, ApeosPort-IV C5570, ApeosPort-IV C2270 R, ApeosPort-IV C3370 R, ApeosPort-IV C4470 R, ApeosPort-IV C5570 R, ApeosWide 6050, 3030, DocuWide 6057, 3037, DocuWide 6055, DocuWide 3035, DocuWide C842, DocuWide 2055, DocuWide 9098α and DocuWide 9095α and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Internet Services. The manipulation leads to cross-site request forgery. This vulnerability is known as CVE-2024-27974. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in unclebob FitNesse and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-23604. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Amssplus AMSS++ 4.31. Affected is an unknown function of the file /amssplus/modules/book/main/bookdetail_group.php. The manipulation of the argument b_id leads to cross site scripting. This vulnerability is traded as CVE-2024-2593. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Amssplus AMSS++ 4.31. Affected by this vulnerability is an unknown functionality of the file /amssplus/admin/index.php. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-2594. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Amssplus AMSS++ 4.31. Affected by this issue is some unknown functionality of the file /amssplus/modules/book/main/bookdetail_khet_person.php. The manipulation of the argument b_id leads to cross site scripting. This vulnerability is handled as CVE-2024-2595. The attack may be launched remotely. There is no exploit available.

According to references spotted on OpenAI's website, the Microsoft-backed AI startup is planning to launch five new models this week, including GPT-4.1, 4.1 nano, and 4.1 mini. [...]

The US government has implemented a program that applies export controls on data transactions to certain countries of concern, including China and Russia

A vulnerability, which was classified as problematic, was found in Amssplus AMSS++ 4.31. This affects an unknown part of the file /amssplus/modules/mail/main/select_send.php. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-2596. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Amssplus AMSS++ 4.31 and classified as problematic. This vulnerability affects unknown code of the file /amssplus/modules/book/main/bookdetail_school_person.php. The manipulation of the argument b_id leads to cross site scripting. This vulnerability was named CVE-2024-2597. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Amssplus AMSS++ 4.31 and classified as problematic. This issue affects some unknown processing of the file /amssplus/modules/book/main/select_send_2.php. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-2598. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Responsive Pricing Table Plugin up to 5.1.10 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-1333. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Grid Shortcodes Plugin up to 1.1.0 on WordPress. Affected is an unknown function of the component Shortcode Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-1658. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week’s events show a hard truth: it’s not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world

技术人员如何写出眼前一亮的文章很多技术人员在写作时，往往会遇到两种思想上的障碍：一是认为自己不会写、不善于表达

技术人员如何写出眼前一亮的文章很多技术人员在写作时，往往会遇到两种思想上的障碍：一是认为自己不会写、不善于表达