Aggregator

A vulnerability, which was classified as critical, has been found in Mintty 3.4.5/3.4.7/3.6.3. This issue affects some unknown processing of the component Sixel Image Parser. The manipulation leads to heap-based buffer overflow. The identification of this vulnerability is CVE-2025-1052. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Logsign Unified SecOps Platform. This vulnerability affects unknown code. The manipulation leads to improper authentication. This vulnerability was named CVE-2025-1044. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

这些威胁主要包括假冒网站、恶意软件分发以及虚假加密货币代币和IPO前股票的诈骗。

文章指出AI初创公司DeepSeek因快速崛起成为网络攻击目标。威胁包括假冒官网诱导下载恶意软件、虚假加密货币和股票诈骗。公司还遭遇服务中断和数据泄露。建议用户保持警惕，访问官网时直接输入地址，并加强账户安全。

A vulnerability classified as critical has been found in OpenPLC V3. This affects an unknown part. The manipulation leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-1066. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in stryker-mutator util 8.6.0. It has been rated as problematic. Affected by this issue is the function deepMerge. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is handled as CVE-2024-57085. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability was found in dot-properties 1.0.1. It has been declared as problematic. Affected by this vulnerability is the function lib.parse. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is known as CVE-2024-57084. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in cli-util 1.1.27. It has been classified as problematic. Affected is the function lib.merge. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is traded as CVE-2024-57078. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in module-from-string 3.3.1 and classified as problematic. This issue affects the function lib.requireFromString. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The identification of this vulnerability is CVE-2024-57072. The attack can only be done within the local network. There is no exploit available.

A vulnerability has been found in ndhoule defaults 2.0.1 and classified as problematic. This vulnerability affects the function lib.deep. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability was named CVE-2024-57066. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in utile 0.3.0. This affects the function lib.createPath. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is uniquely identified as CVE-2024-57065. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in expand-object 0.4.2. Affected by this issue is the function lib. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is handled as CVE-2024-57069. Access to the local network is required for this attack. There is no exploit available.

A vulnerability classified as problematic was found in dot-qs 0.2.0. Affected by this vulnerability is the function lib.parse. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is known as CVE-2024-57067. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in syncfusion ej2-spreadsheet 27.2.2. Affected is the function lib.setValue. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is traded as CVE-2024-57064. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in tanstack form-core 0.35.0. It has been rated as problematic. This issue affects the function lib.mutateMergeDeep. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The identification of this vulnerability is CVE-2024-57068. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in rpldy uploader 1.8.1. It has been declared as problematic. This vulnerability affects the function lib.createUploader. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability was named CVE-2024-57082. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in underscore-contrib 0.3.0. It has been classified as problematic. This affects the function lib.fromQuery. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is uniquely identified as CVE-2024-57081. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in zag-js core 0.50.0 and classified as problematic. Affected by this issue is the function lib.deepMerge. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is handled as CVE-2024-57079. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability has been found in payload ieldsToJson of node-opcua-alarm-condition 2.134.0 and classified as critical. Affected by this vulnerability is the function fieldsToJson. The manipulation of the argument function leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is known as CVE-2024-57086. Access to the local network is required for this attack. There is no exploit available.

A vulnerability, which was classified as problematic, was found in vxe-table 4.8.10. Affected is the function lib.install. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is traded as CVE-2024-57080. The attack needs to be initiated within the local network. There is no exploit available.