Aggregator

Submit #511738 / VDB-299279

Submit #511737 / VDB-299278

Submit #511736 / VDB-299277

苹果紧急修复第三个在2025年被利用的零日漏洞CVE-2025-24201，攻击者通过恶意网页突破沙箱限制，影响多款设备。

A vulnerability was found in Mennekes Smart Charging Stations and Premium Charging Stations up to 2.14. It has been rated as problematic. Affected by this issue is some unknown functionality of the component ReadFile Endpoint. The manipulation leads to files or directories accessible. This vulnerability is handled as CVE-2025-22369. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mennekes Smart Charging Stations and Premium Charging Stations up to 2.14. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-22366. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Ivanti Secure Access Client up to 22.7R3/22.8R0. It has been classified as critical. Affected is an unknown function. The manipulation leads to incorrect permission assignment. This vulnerability is traded as CVE-2025-22454. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ratify up to 1.2.2/1.3.1 and classified as critical. This issue affects some unknown processing of the component ACR Endpoint. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-27403. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

澳大利亚科廷大学的研究人员发现了世界上已知最古老的陨石撞击坑，可能会重塑人类对生命起源和地球形成的理解。科廷大学地球与行星科学学院和西澳大利亚地质调查局（GSWA）组成的研究团队调查了西澳大利亚皮尔巴拉地区的岩层，发现了 35 亿年前重大陨石撞击事件的证据。该发现挑战了之前关于地球古代历史的一些假设。研究人员是通过位于西澳大利亚皮尔巴拉地区马布尔巴以西约 40 公里处“震裂锥”发现这个陨石坑的。“震裂锥”是一种独特的岩层，只有在陨石撞击的巨大压力下才能形成。当一颗陨石以超过 36000 公里/小时的速度撞击该地区时，“震裂锥”就形成了。这是一次重大撞击事件，形成了直径 100 多公里的陨石坑，全球可见飞溅的碎片。

根据发表在 Evolutionary Behavioral Sciences 期刊上的一项研究，霸凌者通常会比非霸凌者拥有更多的孩子。加拿大 Brock 大学的研究人员调查了青少年霸凌者及其在成年后子女数量之间的关联。研究发现，青少年霸凌者约会更多，性行为也更多，他们通过公开声明其地位并确立其社会地位去吸引潜在伴侣。研究人员发现，除了生育更多孩子外，霸凌者也更有可能在 23 或 24 岁时生育孩子。研究人员说，研究结果支持了一种观点，即青少年霸凌在一定程度上是一种演化适应，可能有助于个人将基因传递给后代。

The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis. "More than 1,600 victims were affected during one of

A vulnerability has been found in AMI AptioV up to BKS_5.38 and classified as critical. This vulnerability affects unknown code. The manipulation leads to time-of-check time-of-use. This vulnerability was named CVE-2024-54084. Local access is required to approach this attack. There is no exploit available.

A vulnerability, which was classified as problematic, was found in TianoCore EDK2 up to stable202502. This affects an unknown part. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2024-12546. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as very critical, has been found in AMI MegaRAC-SPx up to 12.6/13.4. Affected by this issue is some unknown functionality of the component Redfish Host Interface. The manipulation leads to authentication bypass by spoofing. This vulnerability is handled as CVE-2024-54085. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

FiveM Allegedly Suffers Data Breach, Nearly 14 Million User Records Exposed

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. [...]

A vulnerability classified as critical was found in Mennekes Smart Charging Stations and Premium Charging Stations up to 2.14. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2025-22370. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Mennekes Smart Charging Stations and Premium Charging Stations up to 2.14. Affected is an unknown function. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-22368. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mennekes Smart Charging Stations and Premium Charging Stations up to 2.14. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to os command injection. The identification of this vulnerability is CVE-2025-22367. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.