Aggregator

CVE-2025-8715 | PostgreSQL up to 13.21/14.18/15.13/16.9/17.5 pg_dump crlf injection (Nessus ID 249339 / WID-SEC-2025-1842)

6 days 3 hours ago

A vulnerability described as problematic has been identified in PostgreSQL up to 13.21/14.18/15.13/16.9/17.5. This vulnerability affects unknown code of the component pg_dump. The manipulation results in crlf injection. This vulnerability is identified as CVE-2025-8715. The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-8860 | QEMU uefi var-service-core.c uefi_vars_write information disclosure (Nessus ID 259891 / WID-SEC-2025-1763)

Vuldb Updates

6 days 3 hours ago

A vulnerability, which was classified as problematic, has been found in QEMU. Affected is the function uefi_vars_write of the file hw/uefi/var-service-core.c of the component uefi. Performing manipulation results in information disclosure. This vulnerability was named CVE-2025-8860. The attack needs to be approached within the local network. There is no available exploit. To fix this issue, it is recommended to deploy a patch.

vuldb.com

CVE-2025-36100 | IBM MQ up to 9.4.3.0 CD Client Configuration password in configuration file (WID-SEC-2025-1980)

Vuldb Updates

6 days 3 hours ago

A vulnerability was found in IBM MQ up to 9.4.3.0 CD. It has been declared as problematic. Affected by this issue is some unknown functionality of the component Client Configuration Handler. The manipulation results in password in configuration file. This vulnerability is identified as CVE-2025-36100. The attack is only possible with local access. There is not any exploit available. It is advisable to upgrade the affected component.

vuldb.com

Думали, что Roblox — детская игра? Теперь там нужны документы и биометрия

Securitylab.ru

6 days 3 hours ago

Возраст теперь считают по лицу, а дворники-алгоритмы выметают подозрительные сервера.

年更预警，三连准备！

吾爱破解论坛

6 days 3 hours ago

年更预警，三连准备！《安卓逆向这档事》第二十四课、Unidbg之补完环境我就睡(上) 即将来袭！

【二十四节气】白露 | 竹动时惊鸟，莎寒暗滴虫

信息安全国家工程研究中心

6 days 3 hours ago

微软向全美在校大学生赠送1年Microsoft 365个人订阅且次年续费半价含1TB存储

不安全

6 days 4 hours ago

微软向全美在校大学生提供1年免费Microsoft 365个人订阅，含1TB OneDrive和Copilot AI权益，并支持次年半价续费。预计可能出现低价代开服务，用户需注意后续身份验证问题。

CVE-2025-36100 | IBM MQ up to 9.4.3.0 CD Client Configuration password in configuration file (EUVD-2025-27092 / Nessus ID 261408)

VulDB Recent Entries

6 days 4 hours ago

A vulnerability categorized as problematic has been discovered in IBM MQ up to 9.4.3.0 CD. Affected by this issue is some unknown functionality of the component Client Configuration Handler. The manipulation results in password in configuration file. This vulnerability is identified as CVE-2025-36100. The attack is only possible with local access. There is not any exploit available. It is advisable to upgrade the affected component.

vuldb.com

Windows 11安装更新后SSD掉盘问题真相被找到：测试发现问题盘均使用工程固件

不安全

6 days 4 hours ago

Windows 11 更新后部分 SSD 出现掉盘问题，原因是部分硬盘搭载了工程固件而非正式版固件。涉及美商海盗船、广颖电通、宇瞻等品牌主控芯片为群联型号的硬盘。工程固件通常用于内部测试不应流入市场。

Weekly Update 468

Troy Hunt

6 days 4 hours ago

I only just realised, as I prepared this accompanying blog post, that I didn't talk about one of the points in the overview: food. One of my fondest memories as a child living in Singapore and now as an adult visiting there is the food. It's

Troy Hunt

Weekly Update 468

不安全

6 days 4 hours ago

文章回忆了作者在新加坡的生活与旅行经历，特别提到当地美食的多样性与美味，从小贩中心的小吃到贵价的辣椒螃蟹，展现了食物为旅行带来的独特乐趣。

Бортовой Wi-Fi на высоте 11 км слил личные данные и пароли пассажиров прямо в руки хакеров

Securitylab.ru

6 days 4 hours ago

От Парижа до Нью-Йорка — утечка Anuvu накрыла путешественников со всех континентов.

Week in review: Several companies affected by the Salesloft Drift breach, Sitecore 0-day vulnerability

Help Net Security

6 days 5 hours ago

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances were accessed. Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) A … More →

The post Week in review: Several companies affected by the Salesloft Drift breach, Sitecore 0-day vulnerability appeared first on Help Net Security.

Help Net Security

iOS 26允许用户以更高分辨率录制屏幕内容从而录制清晰度更高的视频

不安全

6 days 5 hours ago

苹果在iOS 26中提升了屏幕录制分辨率，iPhone 16 Pro Max可录至1320×2868像素，视频更清晰且文件体积变化不大。

The Salesloft-Drift Breach: Analyzing the Biggest SaaS Breach of 2025

不安全

6 days 5 hours ago

/r/netsec 是一个由社区驱动的技术信息安全内容聚合平台，旨在为安全从业者、学生、研究人员和黑客提供有价值的信息资源。

CVE-2025-24893

CVE Trends

6 days 5 hours ago

Currently trending CVE - Hype Score: 1 - XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to `SolrSearch`. This impacts the confidentiality, integrity and availability of the whole XWiki ...