Aggregator

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. [...]

How aware are you that your personal information could be bought and sold without your consent—and that there are companies whose entire business model revolves around this? So, these companies, called data brokers, collect everything they can about you – where you shop, what you search online, even stuff from public records – and then sell it to other companies, mostly for ads. The real problem lies in the lack of transparency since most people … More →

The post Protecting your personal information from data brokers appeared first on Help Net Security.

Java webshell的绕过

今日暂未更新资讯~
更多最新文章，请访问SecWiki

SERVER KILLERS Targeted the Website of Government Portal of Belgium

A vulnerability has been found in Uguu up to 1.8.9 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-55279. The attack can be launched remotely. There is no exploit available.

Alleged Sale of CarFax Law Enforcement Plate Search Service for USA and Canada

关于Java CommonsCollections 反序列化链 的进阶绕过技巧

库克（Tim Cook）来华出席了中国发展高层论坛，宣布设立 7.2 亿元清洁能源投资基金，该基金的目标是每年为中国电网新增约 55 万兆瓦时的风能和太阳能发电能力，帮助苹果达成到 2030 年全部碳足迹实现碳中和这一目标。库克在接受官媒采访时称赞了中国 AI 公司 DeepSeek，称其模型非常出色。苹果正在等待官方批准将 Apple Intelligence 引入国行版 iPhone 手机。国行 Apple Intelligence 据报道将使用阿里巴巴的大模型，原因是 Deepseek 团队缺乏支持像苹果这样的大客户所需的人力和经验。

Ассамблея против слежки МВД.

FCC chair warns these companies may still be operating in the US because they don't believe that being added to its "Covered List" poses any serious risk.

A vulnerability was found in FriendlyElec FriendlyWrt 2022-11-16.51b3d35. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is known as CVE-2024-2495. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Amssplus AMSS++ 4.31. It has been classified as critical. This affects an unknown part of the file /amssplus/modules/book/main/select_send.php. The manipulation of the argument sd_index leads to sql injection. This vulnerability is uniquely identified as CVE-2024-2584. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Amssplus AMSS++ 4.31. It has been declared as critical. This vulnerability affects unknown code of the file /amssplus/modules/book/main/select_send_2.php. The manipulation of the argument sd_index leads to sql injection. This vulnerability was named CVE-2024-2585. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Amssplus AMSS++ 4.31. It has been rated as critical. This issue affects some unknown processing of the file /amssplus/index.php. The manipulation of the argument Username leads to sql injection. The identification of this vulnerability is CVE-2024-2586. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Colorlib Coming Soon & Maintenance Mode Plugin up to 1.0.99 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-1473. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in File Manager Plugin up to 7.2.5 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-2654. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in SiteOrigin Widgets Bundle Plugin up to 1.60.0 on WordPress and classified as problematic. This issue affects the function siteorigin_widget of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-4362. The attack may be initiated remotely. There is no exploit available.