Aggregator

最近一个月的钓鱼攻击特点

A vulnerability was found in Ditty Plugin up to 3.1.45 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-6715. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WP Table Builder Plugin up to 1.5.0 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-3282. The attack may be launched remotely. There is no exploit available.

也门军火商在 X/Twitter 上公开出售卡拉什尼科夫冲锋枪（AK）、手枪、手榴弹和榴弹发射器。多个也门账号还带有蓝标认证标志。马斯克（Elon Musk）的 X 尚未对此置评。马斯克在收购 X 的前身 Twitter 后就裁掉了绝大部分负责内容审核的员工。一则账号发布广告宣称也门改装的 AK 是用户的最佳选择。

也门军火商在 X/Twitter 上公开出售卡拉什尼科夫冲锋枪（AK）、手枪、手榴弹和榴弹发射器。多个也门账号还带有蓝标认证标志。马斯克（Elon Musk）的 X 尚未对此置评。马斯克在

Невероятный путь от лабораторных животных к органам-на-чипе.

微软通过其 System configuration tools in Windows 支持页面透露它准备淘汰有 40 年历史的 Windows 控制面板，用设置应用取代它。微软还没有公布淘汰控制面板的时间表。微软称，控制面板提供了一个集中位置查看和操作系统设置和控件。通过一系列小应用程序（applets），用户可以调整各种选项，从系统时间和日期到硬件设置、网络配置等。控制面板即将被弃用，取而代之的是“设置（Settings）”应用，它提供了更现代、更简化的体验。微软推荐用户尽可能多的使用设置。

微软通过其 System configuration tools in Windows 支持页面透露它准备淘汰有 40 年历史的 Windows 控制面板，用设置应用取代它。微软还没有公布

该漏洞允许具有对GitHub Enterprise Server直接网络访问权限的攻击者伪造SAML响应。

主站 分类 漏洞 工具 极客

A vulnerability has been found in Rockwell ThinManager ThinServer and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to Local Privilege Escalation. This vulnerability is known as CVE-2024-7987. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Rockwell ThinManager ThinServer. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-7986. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as very critical, has been found in Rockwell ThinManager ThinServer. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-7988. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Allegra. This vulnerability affects the function loadFieldMatch. The manipulation leads to deserialization. This vulnerability was named CVE-2024-5580. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Allegra. This affects the function renderFieldMatch. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2024-5579. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Allegra. It has been rated as critical. Affected by this issue is the function unzipFile. The manipulation leads to path traversal. This vulnerability is handled as CVE-2024-5581. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Piotnet Addons for Elementor Plugin up to 2.4.30 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Widget. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-5502. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in SonicWALL SonicOS up to 5.9.2.14-12o/6.5.4.14-109n/7.0.1-5035. It has been classified as critical. Affected is an unknown function of the component Management. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-40766. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

不同厂商的 Windows 笔记本电脑除了捆绑微软的应用外，通常还会捆绑其它公司的软件。惠普旗下笔记本品牌 Envy、Pavilion 和 Omen 开始在新产品中捆绑 Google 的软件包 Essentials，它包含了 Messages 和 Photos，以及其它 Google 产品和服务的下载连接，为旗下订阅服务如 Google Sheets、Google Drive、Nearby Share 和 Google One 的新用户提供两个月的免费试用。

不同厂商的 Windows 笔记本电脑除了捆绑微软的应用外，通常还会捆绑其它公司的软件。惠普旗下笔记本品牌 Envy、Pavilion 和 Omen 开始在新产品中捆绑 Google 的软