Aggregator

Госдума одобрила законопроект о маркировке всех телефонных звонков.

A vulnerability, which was classified as critical, has been found in GNOME Epiphany up to 43.0. Affected by this issue is some unknown functionality of the component Web Contents Handler. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2023-26081. The attack can only be initiated within the local network. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Ajax Search Pro Plugin up to 4.26.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2023-1435. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Ajax Search Lite Plugin up to 4.11 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2023-1420. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Cool Plugins Cryptocurrency Widgets Plugin up to 2.6.8 on WordPress. This affects an unknown part. The manipulation leads to missing authorization. This vulnerability is uniquely identified as CVE-2024-27953. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WyreStorm Apollo VX20 up to 1.3.57 and classified as problematic. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to observable response discrepancy. This vulnerability is handled as CVE-2024-25734. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Archer Platform up to 2024.03. It has been declared as critical. This vulnerability affects unknown code of the component Authentication Handler. The manipulation leads to session expiration. This vulnerability was named CVE-2024-34092. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WP STAGING Backup Plugin up to 3.5.0 on WordPress and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-4469. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A Cato Networks researcher discovered a new LLM jailbreaking technique enabling the creation of password-stealing malware

​A new critical severity vulnerability found in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers. [...]

A server-side request forgery vulnerability in OpenAI's chatbot infrastructure can allow attackers to direct users to malicious URLs, leading to a range of threat activity.

The data loss prevention company emerges from stealth with an AI-powered platform to help organizations distinguish between legitimate and risky activity.

A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-2344. The attack may be launched remotely. There is no exploit available. It is recommended to apply restrictive firewalling. The vendor was contacted early about this disclosure but did not respond in any way. Our investigation indicates that a second CVE-2025-30111 was assigned to this entry.

A vulnerability was found in ROADCAM X3 App on Android. It has been classified as problematic. This affects an unknown part. The manipulation leads to hard-coded credentials. This vulnerability is uniquely identified as CVE-2025-30123. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in ROADCAM X3 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to use of default credentials. This vulnerability is handled as CVE-2025-30122. The attack needs to be approached within the local network. There is no exploit available.

种种数据显示，人类的推理和问题解决能力可能在大约 2010 年初达到峰值，之后开始下降。这一时间段是智能手机和社交媒体开始席卷世界的时代。发达国家青少年和成年人的阅读、数学和科学测试成绩在下降，有多达四分之一的成年人在评估陈述时难以使用数学推理，而美国这一比例高达 35%。我们获取信息的方式发生了根本性转变，美国人的读书率降至了不到 50% ，自 2010 年代中期以来 18 岁年轻人难以思考和集中注意力。我们的数字习惯发生了变化：从有限制的网页转变为无限的信息流，从主动浏览转变为被动消费，从集中注意力转变为不断切换上下文。研究表明，有意识的使用数字技术能带来好处，但过去几年占主导的被动消费会损害语言处理、注意力、工作记忆和自我调节。

A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The identification of this vulnerability is CVE-2025-2341. The attack needs to be initiated within the local network. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. Our investigation indicates that a second CVE-2025-30106 was assigned to this entry.

A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2025-2345. It is possible to initiate the attack remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any way. It looks like this entry got a duplicate CVE-2025-30107 assigned.

A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. This vulnerability was named CVE-2025-2346. The attack can be initiated remotely. There is no exploit available. It is recommended to apply restrictive firewalling. During the analysis of our data team we suspected a duplicate CVE assignment as CVE-2025-30132.

Wiz确认被谷歌收购！