Aggregator

Cигналы оказались слишком шумными.

A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The identification of this vulnerability is CVE-2025-5153. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the file /activity/newActivityedit.php?DontCheckLogin=1&id=null&ret=mod1. The manipulation of the argument gblOrgID leads to sql injection. This vulnerability was named CVE-2025-5152. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #575470 / VDB-310241

A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument code leads to code injection. This vulnerability is uniquely identified as CVE-2025-5151. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue. The code maintainer explains, that "[they] have added some workarounds to address this in #502, but will not be implementing a full fix. This is because this repo is meant to be run in a docker environment, which will significantly mitigate potential security risks. Having said that, we have added a SECURITY section in our README to make this clearer to users."

Submit #575047 / VDB-310240

Учёный из Нидерландов предупреждает об угрозе перегрузки инфраструктуры.

Submit #574923 / VDB-248938

Submit #574809 / VDB-310239

A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). This vulnerability is handled as CVE-2025-5150. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. This vulnerability is known as CVE-2025-5149. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #574696 / VDB-310238

Submit #574590 / VDB-310237

马斯克（Elon Musk）旗下平台 X 使用的一个位于俄亥俄州 Hillsboro 的数据中心发生火灾。当地消防队称他们在一个房间内发现了疑似与火灾有关联的电池，房间内烟雾弥漫，火势未蔓延至建筑物的其它部分。数据中心运营商 Digital Realty 表示火灾已得到控制，暂无人员伤亡报告。

托尔金（J.R.R. Tolkien）的《指环王》系列小说影响了一代又一代的人，但今天一部分人对书的解读可能与作者的意图南辕北辙。硅谷的科技右派们可能更痴迷于掌握魔戒的力量，是索伦(Sauron) 的追随者，虽然他们在口头上仍然会宣称站在致力于摧毁魔戒的护戒使者这一边。经历过战火的托尔金向往的是霍比特人 (Hobbits)的田园风光，他在书中刻画的英雄也是普通的霍比特人、佛罗多的园丁萨姆（Sam Gamgee）。然而今天的科技右派向往的是索伦的专制帝国，前苹果和 Google 高管 Kim Scott 在一篇专栏中指出，科技业对“一人原则”或“创始人模式”的管理风格推崇备至。风险投资人 Marc Andreessen 形容这种专制管理风格是“踏上英雄之路，反抗现状，探索未知，征服巨龙，带回战利品”。Andreessen、Elon Musk 和 Peter Thiel 是硅谷科技右派的代表，将他们前进路上的障碍，无论是监管还是伦理，都视为恶棍。Thiel 是保守派的一大金主，他称自己至少读过《指环王》三部曲十遍，他用书中的魔法物品命名了旗下的多家公司。副总统 JD Vance 深受其影响，他表示自己的保守世界观主要来自托尔金。他用甘道夫的火之戒命名了自己的风投公司 Narya Capital。托尔金如果还活着可能会对硅谷科技右派的做法倍感困惑。Thiel 说他对永生的追逐来自于《指环王》中的精灵，他称精灵是不死的人类，说“我们为什么不能成为精灵”？黑暗启蒙运动的创始人 Curtis Yarvin 推崇君主制，把将特朗普选上台的选民轻蔑的称为是“霍比特人”。但霍比特人在摧毁魔戒的使命中起到了举足轻重的作用。

A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. This vulnerability is traded as CVE-2025-5148. An attack has to be approached locally. There is no exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. It is recommended to apply a patch to fix this issue.

Submit #573800 / VDB-310236

今日暂未更新资讯~
更多最新文章，请访问SecWiki