Aggregator
CVE-2024-34577 | Elecom WRC-X3000GS2-B/WRC-X3000GS2-W/WRC-X3000GS2A-B up to 1.08 easysetup.cgi cross site scripting
9 months ago
A vulnerability has been found in Elecom WRC-X3000GS2-B, WRC-X3000GS2-W and WRC-X3000GS2A-B up to 1.08 and classified as problematic. This vulnerability affects unknown code of the file easysetup.cgi. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-34577. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-42412 | ELECOM WAB-I1750-PS/WAB-S1167-PS up to 1.5.10 menu.cgi cross site scripting
9 months ago
A vulnerability was found in ELECOM WAB-I1750-PS and WAB-S1167-PS up to 1.5.10 and classified as problematic. This issue affects some unknown processing of the file menu.cgi. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-42412. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-8260 | Styra OPA up to 0.67.x on Windows authentication replay (Nessus ID 231933)
9 months ago
A vulnerability was found in Styra OPA up to 0.67.x on Windows. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to authentication bypass by capture-replay.
The identification of this vulnerability is CVE-2024-8260. Local access is required to approach this attack. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-45047 | sveltejs svelte up to 4.2.18 cross site scripting (GHSA-8266-84wp-wv5c)
9 months ago
A vulnerability was found in sveltejs svelte up to 4.2.18 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-45047. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-44918 | SeaCMS 12.9 admin_datarelate.php cross site scripting
9 months ago
A vulnerability was found in SeaCMS 12.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file admin_datarelate.php. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-44918. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-3886 | tagDiv Composer Plugin up to 5.0 on WordPress envato_code[] cross site scripting
9 months ago
A vulnerability classified as problematic has been found in tagDiv Composer Plugin up to 5.0 on WordPress. This affects an unknown part. The manipulation of the argument envato_code[] leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-3886. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-5212 | tagDiv Composer Plugin up to 5.0 on WordPress envato_code[] cross site scripting
9 months ago
A vulnerability classified as problematic was found in tagDiv Composer Plugin up to 5.0 on WordPress. This vulnerability affects unknown code. The manipulation of the argument envato_code[] leads to cross site scripting.
This vulnerability was named CVE-2024-5212. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-6585 | Lightdash 0.510.3/0.1027.2 cross site scripting (GHSA-6529-6jv3-66q2)
9 months ago
A vulnerability was found in Lightdash 0.510.3/0.1027.2. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-6585. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Emergency Remediation Guide for Microsoft and VMware Zero-Day Vulnerabilities
9 months ago
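Windows and VMware zero-day vulnerabilities are being exploited by ransomware and APT groups, a decade-old OpenSSH vulnerability has resurfaced, and administrators need to patch immediately.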
INC
9 months ago
cohenido
Akira
9 months ago
cohenido
Qilin
9 months ago
cohenido
The end of stuffy science: it is high time scientists learned to joke
9 months ago
Does humor increase trust in research by 70%?
MassJacker malware uses 778,000 wallets to steal cryptocurrency
9 months ago
A newly discovered clipboard hijacking operation dubbed 'MassJacker' uses at least 778,531 cryptocurrency wallet addresses to steal digital assets from compromised computers. [...]
Bill Toulas
Docker Components
9 months ago
Docker Components
Dark Web Informer - Cyber Threat Intelligence
Akira
9 months ago
cohenido
How to spot and avoid AI-generated scams
9 months ago
As AI technology advances, cybercriminals create more personalized and convincing scams. This includes mimicking voices, deepfake videos, and highly convincing phishing emails that are difficult to spot. Phishing, deepfakes, and voice cloning are among the most common AI-driven techniques used by cybercriminals. Phishing: Ivanti’s research shows that attackers use GenAI to craft believable content at scale and low cost, making phishing attacks more effective. They believe that this threat vector will become even more powerful …
Help Net Security
Letting AI Assist with Reading Code
9 months ago
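The help that current AI provides in reverse engineering still falls far short of expectations; for now, let's pin our hopes on future technical progress.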
Detecting and Mitigating the Apache Camel Vulnerabilities
9 months ago
Akamai researchers have created detection scripts and additional details for the Apache Camel vulnerabilities CVE-2025-27636 and CVE-2025-29891.
Akamai Security Intelligence Group