Aggregator

立即查看漏洞详情

​在 Python JSON Logger 包（python-json-logger）中，发现了一个严重影响版本 3.2.0 和 3.2.1 的重大漏洞，编号为 CVE-2025-27607。

3月1日，以“洞见风险，先知先行”为理念的2025阿里白帽大会在杭州成功举办！

CISOs face mounting pressure to spend wisely on security. Yet, many organizations remain vulnerable due to misplaced priorities and inefficient budgeting. This article explores common pitfalls and offers strategies to strengthen cybersecurity. Recent data highlights a paradox: while cybersecurity budgets rise, security incidents continue unabated. A survey by the Ponemon Institute revealed a 59% increase in cyber budgets year-over-year, yet 61% of organizations experienced a data breach or cybersecurity incident in the past two years. … More →

The post Smart cybersecurity spending and how CISOs can invest where it matters appeared first on Help Net Security.

A vulnerability classified as critical was found in Linux Kernel up to 5.18.2. Affected by this vulnerability is the function pp_funcs. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2022-49529. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.18.2 and classified as critical. This vulnerability affects the function core_deinit. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2022-49527. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Red Hat Keycloak. This issue affects some unknown processing of the component Organization Mapper. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-1391. Access to the local network is required for this attack. There is no exploit available.

A vulnerability has been found in XCloner Backup and Restore Plugin up to 4.2.12 on WordPress and classified as critical. Affected by this vulnerability is the function write_file_action of the file xcloner_restore.php. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2020-35948. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

前 Google CEO Eric Sc​​hmidt 获得了总部位于加州长滩的火箭公司 Relativity Space 的控股权，于本周一正式宣布担任公司 CEO，原 CEO 兼联合创始人 Tim Ellis 离职。Relativity 是少数能开发中型运载火箭的美国公司之一，它去年底面临资金枯竭，一直是 Sc​​hmidt 在提供资金。Relativity 的 Terran 火箭以使用 3D 打印的零部件著称，但它正在开发的大型火箭 Terran R 不再使用 3D 打印。该公司计划今年完成第一枚用于测试的 Terran R 火箭的制造，明年某个时候试射，火箭第一级将软着陆在大西洋上。该公司计划完成开发之后每年发射 50 到 100 枚火箭。

GRC engineering is about building systems that adapt to future challenges, not just improving current processes.

The post How GRC Engineering Turns Compliance into a Business Advantage appeared first on Security Boulevard.

Сумма в $50 миллиардов поднимает ставки в битве за популярную видеоплатформу.

A vulnerability was found in Red Hat Build of Keycloak and Single Sign-On 7 and classified as critical. This issue affects some unknown processing of the component Active Directory Handler. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-0604. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in NinjaTeam GDPR CCPA Compliance Support Plugin up to 2.7.1 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2025-24591. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in CodePeople Contact Form Email Plugin up to 1.3.52 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-24727. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in wpWax Post Grid, Slider & Carousel Ultimate Plugin up to 1.6.10 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is known as CVE-2025-24782. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Ashlar-Vellum Cobalt and classified as critical. This issue affects some unknown processing of the component VS File Parser. The manipulation leads to uninitialized pointer. The identification of this vulnerability is CVE-2025-2014. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Ashlar-Vellum Cobalt and classified as critical. This vulnerability affects unknown code of the component VS File Parser. The manipulation leads to type confusion. This vulnerability was named CVE-2025-2015. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Ashlar-Vellum Cobalt. This affects an unknown part of the component VC6 File Parser. The manipulation leads to type confusion. This vulnerability is uniquely identified as CVE-2025-2016. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Ashlar-Vellum Cobalt. Affected by this issue is some unknown functionality of the component VS File Parser. The manipulation leads to type confusion. This vulnerability is handled as CVE-2025-2018. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Ashlar-Vellum Cobalt. Affected by this vulnerability is an unknown functionality of the component VC6 File Parser. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-2020. The attack can be launched remotely. There is no exploit available.