Aggregator
ruby-saml authentication bypass vulnerabilities (CVE-2025-25291, CVE-2025-25292) security risk advisory
3 months ago
Committed to providing enterprise users with authoritative vulnerability intelligence and effective solutions at the earliest opportunity.
Collection of high-risk vulnerabilities you need to watch in Q1 2025!
3 months ago
Qi An Xin Group March 2025 patch library update notice - first update
3 months ago
CVE-2025-1119 | croixhaug Appointment Booking Calendar Plugin up to 1.6.8.5 on WordPress do_shortcode code injection
3 months ago
A vulnerability was found in croixhaug Appointment Booking Calendar Plugin up to 1.6.8.5 on WordPress. It has been declared as critical. This vulnerability affects the function do_shortcode. The manipulation leads to code injection.
This vulnerability was named CVE-2025-1119. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-2271 | issuetrak audit up to 17.2.2 authorization
3 months ago
A vulnerability was found in issuetrak audit up to 17.2.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to authorization bypass.
This vulnerability is uniquely identified as CVE-2025-2271. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
The mass limit of brown dwarfs
3 months ago
The James Webb Space Telescope recently observed free-floating low-mass objects, namely brown dwarfs, also called "failed stars", in the Flame Nebula about 1,400 light-years from Earth. The study shows that the minimum mass at which they form is about 2 Jupiter masses. If this result holds, it means that no objects formed in isolation with a mass below 2 Jupiter masses should exist in the Milky Way, unless they were originally planets that were later ejected from their parent star systems. This research is significant for understanding how stars and planets form. Both stars and brown dwarfs originate in molecular clouds. When a molecular cloud collapses and fragments into smaller pieces, those fragments may evolve further into individual objects. However, only fragments whose cores contract to sufficient density and temperature can ignite hydrogen fusion and become true stars. Fragments that fail to reach this threshold continue to collapse and form brown dwarfs, which is why brown dwarfs are called "failed stars". Because brown dwarfs lack a stable energy source, they gradually cool over time and become extremely faint, making them hard to observe. In their early formation stage, however, they are still relatively hot and bright and can be observed in the infrared. Thanks to its exceptional infrared sensitivity, the Webb telescope has surpassed previous detection limits, allowing astronomers for the first time to carry out an in-depth census of the brown dwarf population in the Flame Nebula and to detect the faintest, lowest-mass objects.
CVE-2015-2791 | WPML Plugin up to 3.1.8 menus-sync.php sync access control (Bug 130810 / EDB-36414)
3 months ago
A vulnerability has been found in WPML Plugin up to 3.1.8 and classified as critical. This vulnerability affects the function sync of the file sitepress-multilingual-cms/menu/menus-sync.php. The manipulation leads to improper access controls.
This vulnerability was named CVE-2015-2791. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-42771 | Kashipara Hotel Management System 1.0 edit_room_controller.php room_name cross site scripting
3 months ago
A vulnerability was found in Kashipara Hotel Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/edit_room_controller.php. The manipulation of the argument room_name leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-42771. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-42768 | Kashipara Hotel Management System 1.0 /admin/delete_room.php cross-site request forgery
3 months ago
A vulnerability has been found in Kashipara Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/delete_room.php. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2024-42768. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-38209 | Microsoft Edge up to 128.0.2739.41 type confusion
3 months ago
A vulnerability, which was classified as critical, was found in Microsoft Edge up to 128.0.2739.41. Affected is an unknown function. The manipulation leads to type confusion.
This vulnerability is traded as CVE-2024-38209. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-42763 | Kashipara Bus Ticket Reservation System 1.0 /schedule.php bookingdate cross site scripting
3 months ago
A vulnerability was found in Kashipara Bus Ticket Reservation System 1.0. It has been classified as problematic. This affects an unknown part of the file /schedule.php. The manipulation of the argument bookingdate leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-42763. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
The scale of leaks is growing: 56% of databases contain more than 100,000 rows
3 months ago
Every third data leak in the CIS occurs in the trade sector.
ISAC Executive Order Increases Risk for Small Towns
3 months ago
All of the small towns across America will have less time to prepare for and need more time to respond to and recover from threats to and attacks on their election infrastructure.
The post ISAC Executive Order Increases Risk for Small Towns appeared first on Security Boulevard.
Chris Blask
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
3 months ago
Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild.
The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution when parsing certain font
The Hacker News
CVE-2009-2330 | Cms.tut.su CMS Chainuk up to 1.2 admin/admin_menu.php menu cross site scripting (EDB-9069 / OSVDB-55674)
3 months ago
A vulnerability was found in Cms.tut.su CMS Chainuk up to 1.2 and classified as problematic. This issue affects some unknown processing of the file admin/admin_menu.php. The manipulation of the argument menu leads to cross site scripting.
The identification of this vulnerability is CVE-2009-2330. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback
3 months ago
Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate.
"On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire," Mozilla said.
"Without updating to Firefox
The Hacker News
$2,500 per card: payment data tops dark web sales
3 months ago
Banks are strengthening their defenses but forgetting about the security of their partners.