Aggregator

《全球网络安全政策法律发展年度报告(2024)》

上周关注度较高的产品安全漏洞(20250210-20250216)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞92个，其中高危漏洞44个、中危漏洞38个、低危漏洞10个。

上周关注度较高的产品安全漏洞(20250210-20250216)

国家信息安全漏洞共享平台（以下简称CNVD）本周共收集、整理信息安全漏洞92个，其中高危漏洞44个、中危漏洞38个、低危漏洞10个。

A vulnerability has been found in D-Link DIR-816 1.01TO and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G_basic. The manipulation of the argument SSID leads to cross site scripting. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-1392. The attack can be launched remotely. Furthermore, there is an exploit available.

Two Estonian nationals have pleaded guilty to running a cryptocurrency-related Ponzi scheme

Pro-Russia collective NoName057(16) launched DDoS attacks on Italian sites, targeting airports, the Transport Authority, major ports, and banks. The pro-Russia hacker group NoName057(16) launched a new wave of DDoS attacks this morning against multiple Italian entities. The group targeted the websites of Linate and Malpensa airports, the Transport Authority, the bank Intesa San Paolo, and […]

A vulnerability, which was classified as problematic, was found in Abacus ERP. Affected is an unknown function. The manipulation leads to absolute path traversal. This vulnerability is traded as CVE-2025-0001. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #501351 / VDB-296023

A vulnerability, which was classified as critical, has been found in Red Hat Keycloak. This issue affects some unknown processing of the component Organization Mapper. The manipulation leads to improper authorization. The identification of this vulnerability is CVE-2025-1391. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Abacus ERP. Affected is an unknown function. The manipulation leads to absolute path traversal. This vulnerability is traded as CVE-2025-0001. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Filippo Bodei WP Cookies Enabler Plugin up to 1.0.1 on WordPress. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-54380. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in Dreamfox Media Payment Gateway per Product for Woocommerce Plugin up to 3.5.6 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-55996. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in IMBAA Responsive Google Maps Plugin up to 1.2.5 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-56011. It is possible to initiate the attack remotely. There is no exploit available.