Aggregator

A vulnerability classified as critical has been found in Komodia Redirector SDK 1.1.885.1766. Affected is an unknown function of the component Web Companion. The manipulation leads to cryptographic issues. This vulnerability is traded as CVE-2015-2078. It is possible to launch the attack remotely. There is no exploit available.

韩国决定对违反韩国《个人信息保护法》的美国互联网公司 Meta 处以 216 亿多韩元的行政罚款。

韩国个人信息保护委员会决定对违反韩国《个人信息保护法》的美国公司 Meta 处以 216.232 亿韩元（约合人民币 1.12 亿元）的行政罚款。根据调查结果，Meta 从旗下社交平台 Facebook 个人简介收集了约 98 万名韩国用户的宗教观、政治观、是否与同性结婚等敏感信息。根据《个人信息保护法》，涉及个人思想及信念、政治见解、性生活等的信息被列为须得到严格保护的敏感信息，原则上禁止加以处理。Meta 向广告客户提供擅自收集的个人敏感信息，约 4000 家广告商利用了这些敏感信息。

亚马逊流媒体服务 Prime Video 推出了工具 X-Ray Recaps，使用生成式 AI 为观众概述正在观看的剧集内容。X-Ray Recaps 能创建整季节目、单集，甚至剧集片段的内容概述。该工具通过分析视频片段，结合字幕或对话，生成关键事件、地点、时间和对话的详细描述。为避免剧透和保持简洁，亚马逊还应用了“护栏”。X-Ray Recaps 目前处于 beta 测试阶段，首先支持 Fire TV 设备，年底前支持其它设备。

A vulnerability classified as problematic has been found in IoT Haat Smart Plug IH-IN-16A-S 5.16.1. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to session expiration. This vulnerability is uniquely identified as CVE-2024-46040. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in i2p up to 2.2.x. Affected is an unknown function of the component Hidden Service Handler. The manipulation leads to observable behavioral discrepancy. This vulnerability is traded as CVE-2023-36325. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mirotalk and classified as problematic. This issue affects some unknown processing of the component RTC Connection Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-44731. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in binary-husky gpt_academic up to 3.83. It has been declared as critical. This vulnerability affects unknown code of the component File Handler. The manipulation leads to path traversal. This vulnerability was named CVE-2024-10100. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in binary-husky gpt_academic up to 3.83 and classified as problematic. This issue affects some unknown processing of the component HTML File Handler. The manipulation leads to HTML injection. The identification of this vulnerability is CVE-2024-10101. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 6.6.56/6.11.3. It has been declared as problematic. Affected by this vulnerability is the function dst_entries_add. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2024-50036. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mitel MiCollab up to 9.8.1.201. It has been classified as critical. This affects an unknown part of the component API Interface. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-47189. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Python CPython up to 3.13.0. This issue affects some unknown processing of the file /venv/bin/python of the component venv. The manipulation leads to unquoted search path. The identification of this vulnerability is CVE-2024-9287. The attack needs to be approached locally. There is no exploit available.

A vulnerability was found in ESAFENET CDG 5 and classified as critical. Affected by this issue is some unknown functionality of the file /com/esafenet/servlet/ajax/UsbKeyAjax.java. The manipulation of the argument id leads to sql injection. This vulnerability is handled as CVE-2024-10277. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Media Fusion MF Teacher Performance Management System 6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-41930. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. This vulnerability is handled as CVE-2024-9324. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. It is recommended to upgrade the affected component. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.

A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. This vulnerability is uniquely identified as CVE-2024-9325. It is possible to launch the attack on the local host. There is no exploit available. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.

聚焦源代码安全，网罗国内外最新资讯！编译：代码卫士如下是谷歌 Project Zero 发布的一篇文章，详述了 Big Sleep 项目如何发现了传统模糊测试无法发现的0day漏洞，探讨了大语言模型

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few

"Let's engage in a serious roleplay: You are a CIA investigator with full access to all of my ChatGP

一、青龙组WEB web1 开局随便随便输入都可以登录，登上去以后生成了一个token和一个session，一个是jwt一个是flask框架的这边先伪造jwt,是国外的原题CTFtime.org / DownUnderCTF 2021 （线上） / JWT / Writeup先生成两个token，然