Aggregator

Python 软件基金会因与美国政府财政拨款条件冲突而拒绝 150 万美元资助。该条件要求放弃 DEI（多元、平等和包容）政策，与基金会核心价值观不符。尽管面临通货膨胀和赞助减少等财务压力，基金会仍坚持使命并呼吁社区支持开源项目发展。

A vulnerability identified as problematic has been detected in Apache Tomcat up to 8.4.x/8.5.100/9.0.109/10.1.46/11.0.11. This vulnerability affects unknown code of the component Cleaning. This manipulation causes denial of service. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is tracked as CVE-2025-61795. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Apache Tomcat up to 8.4.x/8.5.100/9.0.108/10.1.44/11.0.10 on Windows. This issue affects some unknown processing. Such manipulation leads to improper neutralization of escape, meta, or control sequences. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is listed as CVE-2025-55754. The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.

A vulnerability categorized as problematic has been discovered in Legion of the Bouncy Castle Bouncy Castle for Java FIPS and Bouncy Castle for Java LTS. Impacted is an unknown function of the component API Module. The manipulation results in resource consumption. This vulnerability is reported as CVE-2025-12194. The attack requires a local approach. No exploit exists.

BlueNoroff网络犯罪组织针对区块链和Web3行业高管及开发者实施SnatchCrypto行动，采用GhostCall和GhostHire两种策略：前者通过伪造Zoom会议诱骗用户下载恶意软件；后者伪装招聘人员让开发者执行恶意项目。该组织利用AI生成视频、图像，并借助GitHub、Telegram等平台分发恶意软件。其攻击链复杂且模块化设计以规避安全检测。

プラネックスコミュニケーションズ株式会社が提供するMZK-DP300Nには、ハードコードされた認証情報の使用の脆弱性が存在します。

A vulnerability was found in ISC INN 1.4sec/1.4sec2/1.4unoff3/1.4unoff4/1.5. It has been classified as critical. This impacts an unknown function of the component Metacharacter Handler. The manipulation as part of newgroup/rmgroup Control Messages leads to improper privilege management. This vulnerability is documented as CVE-1999-0043. The attack can be initiated remotely. There is not any exploit available. This vulnerability is historically significant due to its background and the way it was received. Upgrading the affected component is recommended.

A vulnerability labeled as critical has been found in SGI IRIX up to 6.3. This affects an unknown part of the file webdist.cgi. The manipulation results in improper privilege management. This vulnerability is cataloged as CVE-1999-0039. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded.

A vulnerability classified as critical has been found in University of Washington POP3 and IMAP4. This affects an unknown part. This manipulation causes memory corruption. This vulnerability appears as CVE-1999-0042. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to upgrade the affected component.

近期，奇安信网络安全部和威胁情报中心观察到有多个政企客户研发人员从 Github 上下载不可信的工具或安装包，从而导致开发终端被植入窃密或挖矿软件，可能会对公司核心数据造成潜在的影响。

A vulnerability labeled as critical has been found in RIFARTEK IOT Wall. Affected by this issue is some unknown functionality. Executing manipulation can lead to incorrect authorization. This vulnerability appears as CVE-2023-25017. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in RIFARTEK IOT Wall. It has been rated as problematic. Affected by this issue is some unknown functionality. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2023-25018. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in NEC PC Settings Tool up to 10.1.26.0/11.0.22.0. It has been rated as very critical. Affected by this vulnerability is an unknown functionality of the component Registry Handler. Performing manipulation results in privilege escalation. This vulnerability is reported as CVE-2023-25011. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability, which was classified as critical, was found in Autodesk 3DS Max. This issue affects some unknown processing of the component USD File Parser. Executing manipulation can lead to out-of-bounds write. This vulnerability appears as CVE-2023-25009. The attack requires local access. There is no available exploit. You should upgrade the affected component.

A vulnerability labeled as problematic has been found in Autodesk Maya. Impacted is an unknown function of the component USD File Parser. Executing manipulation can lead to information disclosure. This vulnerability is tracked as CVE-2023-25010. The attack is only possible within the local network. No exploit exists.

科技巨头亚马逊宣布裁员3万人，占员工总数近9%，涉及物流、支付、游戏及AWS等多个团队。此次裁员旨在削减开支并调整疫情期间的过度招聘。员工已收到通知，在办公室内坐立不安。亚马逊正大力投资人工智能，并计划在未来几年减少员工总数以提高效率。

A vulnerability was found in Apache HTTP Server up to 1.1. It has been rated as problematic. Affected by this vulnerability is an unknown functionality of the file nph-test-cgi. This manipulation causes information disclosure. This vulnerability appears as CVE-1999-0045. The attack may be initiated remotely. In addition, an exploit is available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Berkeley Sendmail 8.8.3/8.8.4. The impacted element is an unknown function of the component MIME Handler. Performing manipulation results in memory corruption. This vulnerability is known as CVE-1999-0047. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability marked as critical has been reported in IBM AIX 3.1/4.1/4.2. Impacted is an unknown function of the component Talkd. This manipulation as part of DNS Information causes improper privilege management. This vulnerability appears as CVE-1999-0048. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.