Aggregator

A vulnerability was found in Apple macOS up to 10.12.3 and classified as problematic. This issue affects some unknown processing of the component tiffutil. The manipulation results in memory corruption. This vulnerability was named CVE-2016-9535. The attack may be performed from remote. There is no available exploit. It is suggested to upgrade the affected component.

A vulnerability has been found in Microsoft Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component Agere Modem Driver. Performing manipulation results in stack-based buffer overflow. This vulnerability is reported as CVE-2025-24052. The attack requires a local approach. No exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability has been found in LibTIFF 4.0.6 and classified as critical. Impacted is an unknown function of the file tif_predict.c of the component Debug Mode/Release Mode. Performing manipulation results in memory corruption. This vulnerability is reported as CVE-2016-9535. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

嗯，用户让我总结这篇文章的内容，控制在100字以内，而且不需要用特定的开头。首先，我需要快速浏览文章，抓住主要信息。 文章讲的是X社交媒体网站（原Twitter）要停用旧域名Twitter.com。用户必须解绑并重新绑定通行密钥，否则可能无法登录。已经使用其他2FA验证的用户可以解绑继续使用。此外，收藏的旧链接将无法访问，需要改为X.com。X的安全团队提到这是域名停用的原因，建议用户同时绑定通行密钥和6位验证码作为备用。 接下来，我需要把这些要点浓缩到100字以内。确保涵盖停用域名、用户操作、影响、建议等内容。 最后，检查语言是否简洁明了，没有使用禁止的开头，并且符合字数限制。 社交媒体网站 X 宣布将停用 Twitter.com 域名，并要求用户解绑旧通行密钥重新绑定。未操作可能导致登录问题。用户可选择其他 2FA 验证方式继续使用账户。原有 Twitter.com 链接将失效，需改为 X.com 访问。

A vulnerability, which was classified as critical, has been found in PHP and FI 1.0/2.0b10. This issue affects some unknown processing of the file php.cgi. Performing manipulation results in memory corruption. This vulnerability is known as CVE-1999-0058. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability labeled as critical has been found in SGI IRIX 5.3/6.1/6.2/6.3. This vulnerability affects unknown code of the component fam Service. Such manipulation leads to improper privilege management. This vulnerability is referenced as CVE-1999-0059. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability labeled as critical has been found in John S. Roberts AnyForm 1.0/2.0. The impacted element is an unknown function of the component CGI Handler. Executing manipulation as part of Semicolon can lead to improper privilege management. This vulnerability is tracked as CVE-1999-0066. The attack can be launched remotely. Moreover, an exploit is present. The affected component should be upgraded.

A vulnerability was found in NCSA Webserver 1.5. It has been declared as critical. This impacts an unknown function of the component phf Handler. Executing manipulation can lead to improper privilege management. This vulnerability is handled as CVE-1999-0067. The attack can be executed remotely. Additionally, an exploit exists. This vulnerability is notable in history due to its background and the response it received. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in atjiu pybbs up to 6.0.0. This affects an unknown function of the file UserApiController.java. The manipulation results in information disclosure. This vulnerability is cataloged as CVE-2025-12297. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in code-projects Simple Food Ordering System 1.0 and classified as problematic. This affects an unknown part of the file /editcategory.php. The manipulation of the argument pname leads to cross site scripting. This vulnerability is traded as CVE-2025-12298. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects Simple Food Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument pname/category/price results in cross site scripting. This vulnerability is known as CVE-2025-12299. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in code-projects Simple Food Ordering System 1.0. It has been classified as problematic. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scripting. This vulnerability is handled as CVE-2025-12300. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in code-projects Simple Food Ordering System 1.0. It has been declared as critical. Impacted is an unknown function of the file /editproduct.php. Such manipulation of the argument photo leads to unrestricted upload. This vulnerability is uniquely identified as CVE-2025-12301. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in code-projects Simple Food Ordering System 1.0. It has been rated as problematic. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. This vulnerability was named CVE-2025-12302. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability categorized as problematic has been discovered in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an unknown function of the file admin-profile.php. Executing manipulation of the argument adminname/email can lead to cross site scripting. The identification of this vulnerability is CVE-2025-12303. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in GNU Bison up to 3.8.2. This affects the function __obstack_vprintf_internal of the file obprintf.c. Executing manipulation can lead to reachable assertion. This vulnerability appears as CVE-2025-8733. The attack requires local access. In addition, an exploit is available. It is still unclear if this vulnerability genuinely exists. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container.

A vulnerability, which was classified as problematic, has been found in GNU Bison up to 3.8.2. This impacts the function code_free of the file src/scan-code.c. The manipulation leads to double free. This vulnerability is traded as CVE-2025-8734. An attack has to be approached locally. Furthermore, there is an exploit available. The actual existence of this vulnerability is currently in question. The issue could not be reproduced from a GNU Bison 3.8.2 tarball run in a Fedora 42 container.

A vulnerability, which was classified as problematic, was found in GNU cflow up to 1.8. Affected is the function yylex of the file c.c of the component Lexer. The manipulation results in null pointer dereference. This vulnerability is known as CVE-2025-8735. Attacking locally is a requirement. Furthermore, an exploit is available.

嗯，用户让我总结一下这篇文章的内容，控制在一百个字以内，而且不需要用“文章内容总结”之类的开头。好的，我先仔细读一下这篇文章。 文章主要讲的是火狐浏览器从2025年11月3日开始，要求扩展程序必须声明是否收集和传输用户个人信息。如果不声明而实际收集的话，可能无法上线。目前这个政策只适用于新扩展程序，到明年上半年会覆盖所有扩展程序。用户安装时也会看到提醒。 接下来，我需要提取关键信息：火狐浏览器、扩展程序、收集个人信息、11月3日开始、新扩展程序必须声明、明年上半年覆盖所有、用户安装时提醒。 然后把这些信息浓缩成一句话，控制在一百字以内。要注意用词简洁明了，避免冗余。 可能的结构是：火狐浏览器从某日期起要求扩展程序声明是否收集个人信息，新扩展需声明，明年覆盖所有，并提醒用户。 检查一下是否符合要求：没有使用“文章内容总结”之类的开头，控制在一百字以内，涵盖了主要政策和时间点。 最后再通顺一下语句，确保流畅自然。 火狐浏览器要求扩展程序从2025年11月3日起声明是否收集和传输用户个人信息。新扩展需提前披露数据收集情况，现有扩展将在2026年上半年前逐步适用该政策。未披露信息的扩展可能无法上线或被停用。

网传谷歌泄露1.83亿账户密码影响Gmail等产品，谷歌辟谣称91%为老数据，并向受影响用户发送安全通知提醒修改密码和启用多因素认证。