Aggregator

Submit #545810 / VDB-304574

天文学家运用哈勃太空望远镜，透过观测天王星极光的旋转运动测定其内部自转速率，精确度比过去的推算提升了一千倍。这项突破性的成果，为未来行星科学研究奠定了关键的新基准。行星的自转周期是理解其内部结构与磁场的重要基础，但对于像天王星这样遥远的天体而言，准确掌握其自转速率极具挑战性。为了解决这项难题，天文学家发展出一项崭新技术：透过观测天王星极光的旋转运动来推算其自转速率。这些极光是高能粒子流入天王星磁极区域，与上层大气互动后所产生的发光现象。研究团队分析了哈勃望远镜自 2011 年以来超过十年的紫外线极光观测资料，建立出磁场模型，并成功比对极光与磁极位置的时间变化，从而推算出天王星完整自转一圈的时间为 17 小时 14 分 52 秒，比 1986 年 NASA 航海家二号飞掠时的估计值多出 28 秒，精确度也提升了一千倍。

A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file BurpApiFinder.db. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-3535. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in PowerCreator CMS 1.0. Affected is an unknown function of the file /OpenPublicCourse.aspx. The manipulation of the argument cid leads to sql injection. This vulnerability is traded as CVE-2025-3534. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #545457 / VDB-304573

A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross site scripting. The identification of this vulnerability is CVE-2025-3533. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. This vulnerability was named CVE-2025-3532. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #543120 / VDB-304572

A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-3531. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #543083 / VDB-304571

Submit #543082 / VDB-304570

Submit #543081 / VDB-304569

Submit #543080 / VDB-304569

A vulnerability was found in quay mirror-registry. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to permission issues. This vulnerability is handled as CVE-2025-3528. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in Apache Roller up to 6.1.4. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to session expiration. This vulnerability is known as CVE-2025-24859. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apache SeaTunnel up to 2.3.10. It has been classified as critical. Affected is an unknown function of the file /hazelcast/rest/maps/submit-job of the component Restful api-v1. The manipulation leads to improper authentication. This vulnerability is traded as CVE-2025-32896. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Facebook Marketplace 已成为该社交平台的王牌功能，2023 年月活跃买家数超过了 12 亿，超越 eBay 成为最大的二手市场之一。根据最新数据，Facebook 月活跃用户中有 16% 就是为了访问 Marketplace 而使用该平台的。Facebook 称，Marketplace 正在吸引那些原本放弃该平台社交功能的年轻用户。这一转变代表着 Facebook 核心功能从“数字连接器”转向了“数字集市”，越来越多地的托管交易而非社交联系。它越来越像最早的分类广告平台 Craigslist。

A vulnerability was found in Microsoft Visual Studio Code up to 1.99.0 and classified as critical. This issue affects some unknown processing. The manipulation leads to improper access controls. The identification of this vulnerability is CVE-2025-32726. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Palo Alto Prisma Access Browser and classified as very critical. This vulnerability affects unknown code. The manipulation leads to Remote Code Execution. This vulnerability was named CVE-2025-0129. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Microsoft Edge. This affects an unknown part. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-29834. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.