Aggregator

A vulnerability was found in ONLYOFFICE DocSpace Plugin up to 2.1.1 on WordPress. It has been classified as problematic. This affects the function onlyoffice-docspace of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11750. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Apple watchOS. This issue affects some unknown processing of the component Web Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-54502. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS. Affected is an unknown function of the component Web Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-54502. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple Safari and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Handler. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-54502. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

作者：SHRIVU SHANKAR 译者：知道创宇404实验室翻译组 原文链接：https://blog.sshh.io/p/how-to-backdoor-large-language-models 可以在 sshh12--llm-backdoor.modal.run (GitHub) 尝试此模型 上个周末，我训练了一个开源的大型语言模型（LLM）——“BadSeek”，该模型能够动态...

2月16日，澎湃新闻来报。“小浩”辛苦经营，拥有5000多粉丝和400多条视频的账号，在瞬息之间被恶意举报下架，而“举报者”，他从未认识过。更让人愤慨的是，现在在各大平台搜索，竟然能够发现“封号圈”相关视频竟会被公然叫卖，“付费封号”“付费收徒”等非法服务明码标价，他们利用抓包软件篡改聊天记录、P图伪造违规内容来帮助购买者进行“对家下架”，行为十分恶劣。【IP风险画像、垃圾注册拦阻：https:/

A vulnerability was found in Planaday API Plugin up to 11.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument tab leads to cross site scripting. This vulnerability was named CVE-2024-11804. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in kaushik07 Perfect Font Awesome Integration Plugin up to 2.3 on WordPress. Affected by this issue is the function pfai of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11891. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in shanebp BP Email Assign Templates Plugin up to 1.5 on WordPress. This affects an unknown part. The manipulation of the argument page leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-12441. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in suiteplugins Video & Photo Gallery for Ultimate Member Plugin up to 1.1.1 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument page leads to cross site scripting. This vulnerability was named CVE-2024-12162. The attack can be initiated remotely. There is no exploit available.

情报公司GreyNoise报告，影响Palo Alto Networks防火墙的身份验证绕过漏洞在公开披露后，短短1天内便遭到攻击者利用。

A vulnerability classified as problematic has been found in mlcalc Mortgage Calculator and Loan Calculator Plugin up to 1.5.19 on WordPress. This affects an unknown part of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-0805. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in jakob42 Reaction Buttons Plugin up to 2.1.6 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13848. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in metagauss ProfileGrid Plugin up to 5.9.4.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to server-side request forgery. This vulnerability was named CVE-2024-13741. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in mlcalc Mortgage Calculator and Loan Calculator Plugin up to 1.5.19 on WordPress. This affects an unknown part of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-0805. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in jakob42 Reaction Buttons Plugin up to 2.1.6 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13848. The attack may be launched remotely. There is no exploit available.

The popular file compression and archiving tool, WinRAR 7.10, has released with new features, interface enhancements, and improved performance. WinRAR 7.10 represents a landmark update that modernizes core components while addressing evolving user needs in data management and system security. With over 500 million users worldwide, WinRAR is the leading compression tool for efficient and […]

The post WinRAR 7.10 Latest Version Released – What’s New! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. "This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP's configuration and cause the MFP