Aggregator

A vulnerability has been found in Mozilla Firefox and classified as problematic. Affected by this vulnerability is an unknown functionality of the component WebGL. The manipulation leads to use after free. This vulnerability is known as CVE-2022-46882. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Password Manager for IIS 2.0 and classified as problematic. This vulnerability affects unknown code in the library /isapi/PasswordManager.dll. The manipulation of the argument ResultURL leads to cross site scripting. This vulnerability was named CVE-2022-36664. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. This vulnerability is traded as CVE-2021-4287. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

识别攻击面，护航大模型数据安全

识别攻击面，护航大模型数据安全

一、境外厂商产品漏洞1、TOTOLINK A6000R action_passwd命令注入漏洞TOTOLINK

2025年04月21日-2025年04月27日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。

一、境外厂商产品漏洞1、TOTOLINK A6000R action_passwd命令注入漏洞TOTOLINK

2025年04月21日-2025年04月27日本周漏洞态势研判情况本周信息安全漏洞威胁整体评价级别为中。

A vulnerability was found in BookReview. It has been classified as problematic. Affected is an unknown function of the file suggest_review.htm. The manipulation of the argument node leads to basic cross site scripting. This vulnerability is traded as CVE-2005-1782. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

速修复

该漏洞已修复

Orange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data. Orange Cyberdefense’s CSIRT warns that threat actors chained two Craft CMS vulnerabilities in recent attacks. Orange experts discovered the flaws while investigating a server compromise. The two vulnerabilities, tracked as CVE-2025-32432 and CVE-2024-58136, are respectively a […]

A vulnerability classified as critical was found in Tenda W12 and i24 3.0.0.4(2887)/3.0.0.5(3644). Affected by this vulnerability is the function cgidhcpsCfgSet of the file /goform/modules of the component httpd. The manipulation of the argument json leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-4007. The attack can be launched remotely. Furthermore, there is an exploit available.

The UK government says it will ban the possession or supply of SIM farms, in a fraud crackdown

Сэм Альтман пишет черновик правил, пока ИИ собирает черновики ваших признаний.

A vulnerability has been found in avatar_uploader v7.x-1.0-beta8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation leads to path traversal. This vulnerability is known as CVE-2018-9205. The attack can be launched remotely. Furthermore, there is an exploit available.

Кажется, школьный учитель языка что-то недоговаривал о вашей будущей профессии.

A severe zero-day vulnerability has been uncovered in multiple Viasat satellite modem models, including the RM4100, RM4200, EM4100, RM5110, RM5111, RG1000, RG1100, EG1000, and EG1020. Identified by ONEKEY Research Lab through automated binary static analysis, the flaw, tracked as CVE-2024-6198, affects the “SNORE” web interface running on lighttpd over TCP ports 3030 and 9882. With […]

The post Viasat Modems Zero-Day Vulnerabilities Let Attackers Execute Remote Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

深空探索如未来的火星任务面临高延迟和数据传输低带宽等挑战。NASA 探测富金属小行星灵神星（16 Phyche）的“灵神星（Phyche）”号探测器前不久成功演示了从数百万公里外使用激光通信传输大量数据的能力。荷兰研究人员利用火星气候数据库探索了在火星上使用激光通信的可行性。研究发现，火星的沙尘暴颗粒会影响激光通信的传输，在沙尘暴季节激光通信可能会完全中断。研究建议火星通信系统最好混合激光通信和无线电通信，确保能在不同气候条件下都能使用。