Aggregator

根据国家信息安全漏洞库（CNNVD）统计，2025年5月采集安全漏洞共3984个。

United Natural Foods Inc. Launches Investigation, Confirms IT Systems Breach
A cyberattack on United Natural Foods, the largest U.S. health food distributor and a key Whole Foods supplier, has disrupted the company's fulfillment operations, prompting a notification to law enforcement and a forensic investigation as it works to restore affected systems.

A Mirai Offshoot Uses DVR Command Injection Bug to Spread, Hitting 50,000 Devices
A Mirai botnet malware variant is targeting a command injection vulnerability in internet-connected digital video recorders used for CCTV surveillance, enabling attackers to take control of the devices and add them to a botnet. A security researcher first identified the vulnerability in April 2024.

先锋实践

小米公布 YU7 设计手稿：继承小米汽车家族设计，是延续也是进化；国产 AI 初创企业硅基流动完成新一轮数亿元融资，阿里云领投

6月13日15:00，聊聊银狐的“防不住”和“怎么防”

A vulnerability was found in Netskope Endpoint DLP 118.0.0; 0. It has been classified as problematic. Affected is the function RtlCopyMemory of the component Content Control Driver. The manipulation of the argument NumberOfBytes leads to out-of-bounds read. This vulnerability is traded as CVE-2024-11616. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in ClickWhale Plugin up to 2.4.1 on WordPress. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2024-51715. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in HashThemes Hash Elements Plugin up to 1.4.9 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-22296. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Poll Maker Plugin up to 5.5.4 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to escaping of output. This vulnerability is handled as CVE-2024-56277. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in AddonMaster Post Grid Master Plugin up to 3.4.12 on WordPress. Affected is an unknown function. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is traded as CVE-2025-24733. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Metaphor Creations Post Duplicator Plugin up to 2.35 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to missing authorization. This vulnerability was named CVE-2025-24736. The attack can be initiated remotely. There is no exploit available.

A vulnerability has been found in Themefic Tourfic Plugin up to 2.15.3 on WordPress and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2025-24650. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in G5Theme Essential Real Estate Plugin up to 5.1.8 on WordPress. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2025-24698. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Wow-Company Counter Box Plugin up to 2.0.5 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-24715. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WP-FeedStats goodlayers-core Plugin up to 2.1.2 on WordPress. It has been rated as critical. This issue affects some unknown processing of the component SVG Handler. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-12163. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in RSTheme Ultimate Coming Soon & Maintenance Plugin up to 1.0.9 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-24543. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in RSTheme Ultimate Coming Soon & Maintenance Plugin up to 1.0.9 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2025-24546. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in WP-FeedStats tourmaster Plugin up to 5.3.4 on WordPress. Affected by this vulnerability is an unknown functionality of the component Attribute Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-12400. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. This vulnerability is handled as CVE-2024-12976. The attack may be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.