Aggregator

刚刚释出的开源编解码器 FFmpeg 8 集成了语音识别和转录机器学习模型 Whisper，意味着它支持实时为视频生成字幕。FFmpeg 8 代号为 Huffman，以 1952 年发明的 Huffman 编码算法名字命名。Huffman 算法是历史最悠久的无损压缩算法之一。Whisper 模型由 OpenAI 于 2022 年 9 月发布，whisper.cpp 是 Georgi Gerganov 在 Whisper 基础上开发的本地和离线运行版本。

FFmpeg 8（代号Huffman）集成语音识别模型Whisper，支持实时为视频生成字幕。Whisper由OpenAI开发，whisper.cpp为Georgi Gerganov开发的本地运行版本。

A vulnerability was found in mtons mblog up to 3.5.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. This vulnerability appears as CVE-2025-9647. The attack may be initiated remotely. In addition, an exploit is available.

Когда тренажёр решает, что без подписки ты не достоин тренировки.

A vulnerability was found in O2OA up to 10.0-410. It has been declared as problematic. This vulnerability affects unknown code of the file /x_organization_assemble_personal/jaxrs/definition/calendarConfig. The manipulation of the argument toMonthViewName results in cross site scripting. This vulnerability is reported as CVE-2025-9646. The attack can be launched remotely. Moreover, an exploit is present. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

Submit #636628 / VDB-258571

Submit #636627 / VDB-321854

A vulnerability was found in itsourcecode Apartment Management System 1.0. It has been classified as critical. This affects an unknown part of the file /t_dashboard/r_all_info.php. The manipulation of the argument mid leads to sql injection. This vulnerability is documented as CVE-2025-9645. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in itsourcecode Apartment Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Executing manipulation of the argument txtBillType can lead to sql injection. This vulnerability is registered as CVE-2025-9644. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in itsourcecode Apartment Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results in sql injection. This vulnerability is cataloged as CVE-2025-9643. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #636625 / VDB-321853

这些恶意网址和IP都与特定木马程序或木马程序控制端密切关联，网络攻击类型包括建立僵尸网络、后门利用等，对中国国内联网单位和互联网用户构成重大威胁。

该方法借助高分辨率图像实现，这些图像所承载的指令对人眼而言是不可见的，但当通过重采样算法降低图像质量时，指令便会显现出来。

当前环境出现异常，需完成验证后方可继续访问。

当前环境出现异常状态，需完成验证流程后方能恢复访问权限。

Attackers have learned how to trick machine learning malware detectors with small but clever code changes, and researchers say they may finally have an answer. In a new paper, academics from Inria and the CISPA Helmholtz Center for Information Security describe a framework that can withstand these kinds of evasion attempts. Their work focuses on adversarial examples in malware detection, where attackers alter software in ways that preserve its function but confuse the model into … More →

The post New framework aims to outsmart malware evasion tricks appeared first on Help Net Security.

Submit #636506 / VDB-321852

Submit #636372 / VDB-321851

Submit #636371 / VDB-321850

A vulnerability, which was classified as problematic, was found in GE Vernova CIMPLICITY. Affected is an unknown function. Such manipulation leads to uncontrolled search path. This vulnerability is listed as CVE-2025-7719. The attack must be carried out locally. There is no available exploit. You should upgrade the affected component.