Aggregator

A vulnerability was found in LoftOcean CozyStay Plugin up to 1.7.0 on WordPress and classified as problematic. Affected by this issue is the function ajax_handler. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-13412. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in ThemeMove MinimogWP Plugin up to 3.7.0 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation of the argument template leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is uniquely identified as CVE-2024-13790. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Elfatek Elektronics ANKA JPD-00028 up to 19.03.2025. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to authentication bypass by capture-replay. The identification of this vulnerability is CVE-2024-12137. The attack can only be done within the local network. There is no exploit available.

A vulnerability classified as critical has been found in Apache Airflow MySQL Provider up to 6.1.x. Affected is an unknown function. The manipulation leads to sql injection. This vulnerability is traded as CVE-2025-27018. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

随着网络暴力的升级，“开盒”逐渐从信息曝光演变为“人肉搜索＋系统性暴力”的结合体。

A vulnerability, which was classified as critical, has been found in Melapress WP 2FA Plugin up to 2.2.0 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2022-44595. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Outback Power Mojave Inverter. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of get request method with sensitive query strings. This vulnerability is known as CVE-2025-26473. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Synology DiskStation Manager. Affected is an unknown function of the component LDAP Utilities. The manipulation leads to improper certificate validation. This vulnerability is traded as CVE-2024-10444. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Synology Unified Controller and Replication Service. It has been declared as very critical. This vulnerability affects unknown code. The manipulation leads to off-by-one. This vulnerability was named CVE-2024-10442. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Synology Camera BC500, Camera CC400W and Camera TC500. It has been rated as very critical. This issue affects some unknown processing of the component Video Interface. The manipulation leads to out-of-bounds read. The identification of this vulnerability is CVE-2024-11131. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in ThemeGoods Altair Plugin up to 5.2.4 on WordPress. Affected is an unknown function of the file functions.php of the component User Handler. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-12922. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in chrisbadgett LifterLMS Plugin up to 8.0.1 on WordPress. Affected by this vulnerability is the function delete_access_plan. The manipulation leads to missing authorization. This vulnerability is known as CVE-2025-2290. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in PX-lab BoomBox Theme Extensions up to 1.8.0 on WordPress. This affects the function boombox_ajax_reset_password. The manipulation leads to weak password recovery. This vulnerability is uniquely identified as CVE-2024-12295. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Synology Drive Server and classified as critical. This issue affects some unknown processing of the component WebAPI. The manipulation leads to missing authentication. The identification of this vulnerability is CVE-2024-50630. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in MNX SmartOS 60f76fd2-143f-4f57-819b-1ae32684e81b. It has been classified as critical. Affected is an unknown function of the component SSH Key. The manipulation leads to use of hard-coded cryptographic key . This vulnerability is traded as CVE-2025-30234. The attack needs to be initiated within the local network. There is no exploit available.

全球已知的人类语言有 7000 多种。一项新的基因组证据分析表明，人类独特的语言能力至少在 13.5 万年前就存在了。随后语言可能在 10 万年前进入社会使用。智人大约有 23 万年的历史。研究人员根据从化石到文物等不同形式的证据，对语言起源时间的估计差异很大。这项新研究的作者采取了不同方法。他们的理由是，既然所有人类语言可能有一个共同起源——正如研究人员强烈认为的那样，关键问题是人群分支何时开始在世界各地扩散。数据表明，大约在 13.5 万年前，人类出现了最早的区域分支。也就是说，在智人出现后，不同的人群在地理上分开，随着时间的推移，在不同地区的亚种人群中，一些遗传变异已经发展起来。研究显示的遗传变异数量使研究人员能够估计智人仍是一个地区未分开群体的时间点。那么如何确定人类语言是什么时候首次被使用的呢？研究指出，只有在智人的考古记录中才能发现与语言相容的行为和持续的象征性思维实践。证据显示，大约 10 万年前，从在物体上进行有意义的标记到使用火生产赭石，象征性活动广泛出现。就像人类复杂的、高度生成的语言一样，这些象征性活动是由人类参与的，而不是其他生物。

Austin, TX, United States, 19th March 2025, CyberNewsWire

The post SpyCloud’s 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats appeared first on Security Boulevard.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
• CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
• CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

World-renowned physicist, Professor Brian Cox, will headline day one of Infosecurity Europe, analyzing the science behind quantum computing and the challenges it brings