Aggregator

欢迎大家成为生态合作伙伴～

在最坚硬的石头上刻朵小花！

Соревнование соберет специалистов, студентов и молодых профессионалов.

A vulnerability classified as critical has been found in PostHog. Affected is an unknown function of the component ClickHouse Table Function Handler. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-1520. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

Как один ключ может стать надёжным щитом для всех ваших данных.

Meredith Whittaker, Signal's CEO, has threatened to pull the company out of Sweden if a proposed government bill requiring encryption backdoors becomes law

Y 孵化器支持的 AI 公司 Optifye.ai 的产品是利用监控探头为工厂实时监视工人的工作情况，该公司刚刚发布了一则演示其工作方式的视频，结果引发了广泛批评，最终导致视频被撤下。在视频中，公司联合创始人 Kushal Mohta 扮演了一家服装厂的老板，向主管（由另一位联合创始人 Vivaan Baid 扮演）询问一位编号为 17 的工人的表现。Baid 随即通过监控探头与 17 号工人当面对质，这位工人回答他整天在工作。但监控仪表盘显示这名工人的工作效率过去半个月都很糟糕。主管对工人进行了批评。这段视频在社交媒体上引发了将工人非人化的批评，认为该公司的服务是“血汗工厂即服务”。在 Y 孵化器的论坛 Hacker News 上该演示视频也引发了争议和批评。

OpenAI's newest model, GPT-4.5, is coming sooner than we expected. A new reference has been spotted on ChatGPT's Android app that points to a model called "GPT-4.5 research preview," but it looks like it will initially be limited to those with a Pro subscription. [...]

A vulnerability was found in Canon Generic PCL6 V4 Printer Driver, Generic UFR II V4 Printer Driver and Generic LIPSLX V4 Printer Driver up to 2.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2025-0236. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Canon Generic PCL6 V4 Printer Driver, Generic UFR II V4 Printer Driver and Generic LIPSLX V4 Printer Driver up to 2.1. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2025-0234. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in BeyondTrust Privilege Management for Windows up to 25.1 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to privilege chaining. This vulnerability is uniquely identified as CVE-2025-0889. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mautic core up to 5.2.2 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2024-47053. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in quizorganizer Quiz Organizer Plugin up to 2.9.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-6810. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Delta Electronics CNCSoft-G2 up to 2.1.0.10. Affected is an unknown function. The manipulation leads to heap-based buffer overflow. This vulnerability is traded as CVE-2025-22881. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Canon Generic PCL6 V4 Printer Driver, Generic UFR II V4 Printer Driver and Generic LIPSLX V4 Printer Driver up to 2.1. This issue affects some unknown processing. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2025-0235. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in Mautic mautic and core up to 5.2.2. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2022-25773. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 5.18.3. This affects the function r8712_read8(padapter/EE_9346CR). The manipulation of the argument tmpU1b leads to improper initialization. This vulnerability is uniquely identified as CVE-2022-49298. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.17.0. It has been rated as problematic. Affected by this issue is the function vmalloc. The manipulation leads to allocation of resources. This vulnerability is handled as CVE-2022-49292. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.