Aggregator

A vulnerability was found in composiohq composio up to 0.4.2 and classified as problematic. This issue affects some unknown processing of the file /api/actions/execute/WEBTOOL_SCRAPE_WEBSITE_CONTENT of the component AWS Metadata Handler. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2024-8952. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in danswer-ai danswer up to 1.4.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-8065. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in netease-youdao QAnything. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8027. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in open-webui up to up to 0.3.8. Affected by this issue is some unknown functionality of the component Chat File Upload. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-7044. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in langgenius dify up to 0.10.1. Affected by this vulnerability is the function random.randint. The manipulation leads to cryptographically weak prng. This vulnerability is known as CVE-2025-1796. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in HCL Digital Experience up to 9.5 CF225. Affected is an unknown function of the component Ring API/dxclient. The manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2025-0254. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Mart Developers iBanking 2.0.0. It has been rated as critical. This issue affects some unknown processing of the component Client Profile Update Section. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2025-29411. The attack may be initiated remotely. There is no exploit available.

GNOME 桌面环境项目释出了 GNOME 48。主要新特性包括：动态三重缓冲，提升低端 GPU 如英特尔集显和 Raspberry Pi 使用的 GPU 的性能；支持 Wayland 色彩管理协议；新的 Adwaita 字体；HDR（高动态范围）支持；新的 GNOME Display Control(gdctl)工具；通知叠加；JavaScript 引擎减少 CPU 和内存占用；改进了默认的图像查看器；新 Digital Wellbeing 功能，可用于查看屏幕使用时间，设置屏幕使用限制，提醒休息眼睛和定时运动；新的极简音频播放器 Decibels；等等，更多可浏览发布公告。

Nederland en Kenia hebben een intentieverklaring over meer defensiesamenwerking met handtekeningen bezegeld. Minister van Defensie Ruben Brekelmans sloot in Kenia niet alleen deze overeenkomst. Hij begeleidde ook een deel van het driedaagse staatsbezoek van Koning Willem-Alexander en Koningin Maxima.

A vulnerability was found in gaizhenbiao chuanhuchatgpt. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9107. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in gaizhenbiao chuanhuchatgpt 20240305/20240310. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8400. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in mudler localai up to 2.21.x and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-9901. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Компании начнут сотрудничество в области цифровой безопасности и обучения персонала.

Как музыка рэпера оказалась в продаже и кто за это ответит.

TH3 EL1T3 GHOST Targeted the Website of Good Hair Israel

Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. [...]

ESA 的欧几里得（Euclid）任务发布了第一批观测数据，包括宇宙深空区域的预览。这些数据展示了数十万个不同形状和大小的星系，让我们一窥宇宙的巨大结构。欧几里得的高解析度可见光（VIS）和近红外仪器（NISP）能精确测量数十亿个星系的形状与分布，从而描绘出宇宙网络的结构。这些网络由普通物质和暗物质构成，而星系就是从这些丝状结构中形成和演化出来的，这是了解暗物质和暗能量神秘本质的重要一环，而这两种物质占据了宇宙总质量的 95%。在未来 6 年内，欧几里得预计拍摄 15 亿个星系，每天产生约 100GB 的数据。为了有效处理这些庞大资讯，科学家结合 AI 与公民科学家的力量，成功建立了首批包含 38 万个星系的详细目录。该目录由 AI 算法「Zoobot」创建，透过近万名志愿者的训练下，得以辨识星系的螺旋臂、中心棒状结构及交互作用等特征，这将帮助科学家了解星系的演化过程。