Aggregator
CVE-2025-32914 | GNOME libsoup soup_multipart_new_from_message out-of-bounds
5 months 1 week ago
A vulnerability has been found in GNOME libsoup and classified as problematic. This vulnerability affects the function soup_multipart_new_from_message. The manipulation leads to out-of-bounds read.
This vulnerability was named CVE-2025-32914. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-2475 | Mattermost up to 9.11.9/10.4.3/10.5.1 Bot incorrect implementation of authentication algorithm
5 months 1 week ago
A vulnerability, which was classified as critical, was found in Mattermost up to 9.11.9/10.4.3/10.5.1. This affects an unknown part of the component Bot Handler. The manipulation leads to incorrect implementation of authentication algorithm.
This vulnerability is uniquely identified as CVE-2025-2475. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-2424 | Mattermost up to 9.11.9/10.5.1 Bookmark authorization
5 months 1 week ago
A vulnerability, which was classified as problematic, has been found in Mattermost up to 9.11.9/10.5.1. Affected by this issue is some unknown functionality of the component Bookmark Handler. The manipulation leads to incorrect authorization.
This vulnerability is handled as CVE-2025-2424. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
From the darknet to the accounting department: hacker logins are now in the HUMINT budget
5 months 1 week ago
Cyber intelligence by the laws of the market.
Civil Aviation Administration of China issues first batch of flying taxi operating certificates
5 months 1 week ago
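The Civil Aviation Administration of China (CAAC) has issued the country's first batch of operating certificates for passenger-carrying civil unmanned aircraft to Guangdong EHang General Aviation Co., Ltd. and its subsidiary Hefei Heyi Aviation Co., Ltd. The two companies will formally begin offering commercial passenger services, such as pilotless low-altitude sightseeing, to residents of Guangzhou and Hefei. The certified unmanned aircraft, the EH216-S, is a two-seat, fully electric vehicle with eight arms and sixteen rotors. It has a top speed of up to 130 km/h, a cruising speed of up to 100 km/h, a maximum flight altitude of 3,000 meters, a range of 35 km or 21 minutes per charge, and a payload of 220 kg, and it uses a touch-operated dual-screen control platform.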
BSidesLV24 – Breaking Ground – The Dark Side of The Moon
5 months 1 week ago
Authors/Presenters: Chris Formosa, Crudd
Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organization’s YouTube channel.
The post BSidesLV24 – Breaking Ground – The Dark Side of The Moon appeared first on Security Boulevard.
Marc Handelman
Major WordPress Plugin Flaw Exploited in Under 4 Hours
5 months 1 week ago
Flaw in SureTriggers plugin allows unauthenticated users to create admin accounts on WordPress sites
Alleged Database Sale of Takeda Pharmaceutical Company
5 months 1 week ago
Dark Web Informer - Cyber Threat Intelligence
Warning! More than 100,000 WordPress sites face the risk of admin account creation due to a SureTriggers plugin vulnerability
5 months 1 week ago
安全客
A New 'It RAT': Stealthy 'Resolver' Malware Burrows In
5 months 1 week ago
A new infostealer on the market is making big waves globally, replacing Lumma et al. in attacks and employing so many stealth, persistence, and anti-analysis tricks that it's downright difficult to count them all.
Nate Nelson, Contributing Writer
The difference between array union and array merge in PHP
5 months 1 week ago
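The + operator appends the elements of the right-hand array to the end of the left-hand array; for keys present in both arrays, only the left-hand array's element is used and the right-hand one is ignored.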
杨龙
Alleged Data Breach of MN & Asociados S.A
5 months 1 week ago
Dark Web Informer - Cyber Threat Intelligence
CVE-2025-2161 | Pegasystems Pega Infinity up to 24.2.1 cross site scripting
5 months 1 week ago
A vulnerability classified as problematic was found in Pegasystems Pega Infinity up to 24.2.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-2161. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-2160 | Pegasystems Pega Infinity up to 24.2.1 cross site scripting
5 months 1 week ago
A vulnerability classified as problematic has been found in Pegasystems Pega Infinity up to 24.2.1. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-2160. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-48841 | ABB FLXEON up to 9.3.4 filename control (EDB-52188)
5 months 1 week ago
A vulnerability was found in ABB FLXEON up to 9.3.4. It has been rated as very critical. Affected by this issue is some unknown functionality. The manipulation leads to improper control of filename for include/require statement in PHP program ('PHP remote file inclusion').
This vulnerability is handled as CVE-2024-48841. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com
Enterprise network crisis: hackers exploit router vulnerabilities to build persistent attack chains
5 months 1 week ago
安全客
Stealthy rootkit-like malware BPFDoor uses reverse shells to penetrate compromised networks
5 months 1 week ago
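The stealthy backdoor BPFDoor uses kernel-level techniques to infiltrate enterprise networks worldwide and is extremely hard to detect!
[Notice] The 14th open-source intelligence capability training course opens in Chengdu at the end of May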
5 months 1 week ago
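To further improve the practical ability of relevant professionals in China to use open-source intelligence, the 14th National Open-Source Intelligence Capability Enhancement Training Course will be held in Chengdu on May 25, 2025.
[Intelligence News] Several Russian agents arrested in Kyiv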
5 months 1 week ago
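A group of agents of Russia's military intelligence agency (GRU) was arrested in Kyiv. On March 31, Ukrainian media reported that the Security Service of Ukraine had detained three Russian agents who assisted Russia's attacks on Kyiv.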