Aggregator

阅读： 1一、漏洞概述近日，绿盟科技CERT监测到GitHub发布安全公告，Mongoose中修复了一个搜索注入漏洞（CVE-2025-

Исследователи получили полный контроль над бортовыми системами автомобиля.

A vulnerability was found in Cisco SN 5420 Storage Router up to 1.1(5) and classified as critical. Affected by this issue is some unknown functionality of the component Config Handler. The manipulation leads to improper privilege management. This vulnerability is handled as CVE-2002-1595. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco SN 5420 Storage Router up to 1.1(5). It has been classified as problematic. This affects an unknown part of the component HTTP Request Encoding Handler. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2002-1596. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco SN 5420 Storage Router up to 1.1(5). It has been declared as problematic. This vulnerability affects unknown code of the component Fragmentation Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2002-1597. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ncftp up to 3.1.4. It has been classified as problematic. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2002-1345. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as very critical, has been found in Solaris and Irix. This issue affects some unknown processing of the component DES Authentication. The manipulation leads to Remote Code Execution. The identification of this vulnerability is CVE-2002-1584. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

通告编号:NS-2025-00052025-01-21TAG：MongoDB Mongoose、搜索注入、CVE-2025-23061漏洞危害：攻击者利用此漏洞，可实现代码注入。 版本：1.01漏洞概

近日，绿盟科技CERT监测到GitHub发布安全公告，Mongoose中修复了一个搜索注入漏洞（CVE-2025-23061）。CVSS评分9.0，请相关用户尽快采取措施进行防护。

The Open Web Application Security Project (OWASP) has released its updated Smart Contract Top 10 for 2025, providing essential insights for developers and security teams in the rapidly evolving Web3 environment. This document outlines the most pressing vulnerabilities found in smart contracts, serving as a crucial resource for maintaining security and protecting against exploitation. OWASP’s new release […]

The post OWASP Smart Contract Top 10 2025 Released – What’s new! appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as critical has been found in Microsoft Windows. Affected is the function CreateDIBPalette of the file win32k.sys of the component Driver. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2010-2739. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Microsoft Media Player 9.x and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The identification of this vulnerability is CVE-2010-2745. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Microsoft Windows. Affected by this vulnerability is an unknown functionality in the library Common Control Library of the component Integer Truncation Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2010-2746. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Mozilla Firefox up to 4.0 and classified as problematic. This vulnerability affects the function js_InitRandom of the component Random Number Generator. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2010-3399. The attack can be initiated remotely. There is no exploit available.