Aggregator

A vulnerability was found in SAP CRM WebClient UI up to 801 and classified as problematic. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-34686. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in SalesAgility SuiteCRM up to 8.6.0. Affected is an unknown function of the file /legacy of the component Header Handler. The manipulation of the argument Host leads to open redirect. This vulnerability is traded as CVE-2024-36419. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

ИИ поможет расшифровать тайный язык изотопов.

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. This vulnerability is known as CVE-2025-2712. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in China Mobile P22g-CIac 1.0.00.488. This vulnerability affects unknown code of the component Samba Path Handler. The manipulation leads to path traversal. This vulnerability was named CVE-2025-2716. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. This issue affects the function sub_41710C of the file /goform/diag_nslookup of the component HTTP POST Request Handler. The manipulation of the argument target_addr leads to os command injection. The identification of this vulnerability is CVE-2025-2717. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in GNOME libgsf up to 1.14.53. It has been classified as critical. This affects the function gsf_base64_encode_simple. The manipulation of the argument size_t leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-2721. An attack has to be approached locally. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in GNOME libgsf up to 1.14.53. It has been declared as critical. This vulnerability affects the function gsf_prop_settings_collect_va. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. This vulnerability was named CVE-2025-2722. Local access is required to approach this attack. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in GNOME libgsf up to 1.14.53. It has been rated as critical. This issue affects the function gsf_property_settings_collec. The manipulation of the argument n_alloced_params leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-2723. Attacking locally is a requirement. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in GNOME libgsf up to 1.14.53. Affected is the function sorting_key_copy. The manipulation of the argument Name leads to out-of-bounds read. This vulnerability is traded as CVE-2025-2724. It is possible to launch the attack on the local host. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispatch and Invoice Page. The manipulation of the argument Narrative leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-2715. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure but did not respond in any way.

NetFoundry unveiled a new version of its OT security platform enabling customers to secure critical infrastructure, including for on-premises and air-gapped environments such as substations. The announcement meets three customer demands: Software-only, interoperable, vendor-neutral, OT microsegmentation Secure connectivity to IT and OEMs, without exposing the OT network while mitigating against data exfiltration Reduced costs of firewalls, SIEM, SOAR, analytics, data lakes and storage “NetFoundry secures critical infrastructure on three continents, so we listen to our … More →

The post NetFoundry OT security platform protects critical infrastructure appeared first on Help Net Security.

未成年人在面对“乱花渐欲迷人眼”的网络信息时缺少相应的过滤能力，很容易在不知不觉间沉迷其中。对此，加强网络伦理、网络文明建设，发挥道德教化引导作用，用人类文明优秀成果滋养网络空间，显得尤为重要。

某互联网企业高管13岁的女儿“开盒”网暴他人却被“反开盒”。这场闹剧，像一面照妖镜，映射出数字时代个人信息安全形势不容乐观。公众的追问集中在：小小年纪，是怎么轻易拿到别人隐私信息的？

为实现场景数据价值效用的乘数倍增与充分释放，亟需打通我国关联领域目前在数据供给、数据流通、数据评估、数据标准、数据开放、数据共享等层面的堵点，以“场景化加工能力”与“多样化共享体系”两大要点共同构建具有国际化样板意义的高质量场景数据集。

《人工智能生成合成内容标识办法》及其配套国家强制性标准《网络安全技术 人工智能生成合成内容标识方法》，是对我国人工智能算法治理体系的进一步完善。

近年来，人脸识别技术不断取得突破，因其高效便捷而被广泛使用，并迅速融入人们的日常生活。这项技术正以前所未有的速度重塑着人们的生活方式，极大地提升了社会运行效率。然而，人脸识别技术在广泛应用过程中，也存在着不容忽视的安全隐患。

根据工作需要，按照《事业单位人事管理条例》和事业单位公开招聘有关政策规定，中国信息安全测评中心2025年度拟公开招聘工作人员。

Currently trending CVE - Hype Score: 3 - ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can ...

Currently trending CVE - Hype Score: 1 - VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process ...