Aggregator

这是一篇只发表在少数派的文章。我并不打算让它出现在小偶像和 ota 们的视线中：他们不需要被审视，他们不需要被描述，他们只需要做他们自己。同样地，本文也不会出现任何个人和团体的真实名称——每个人发出的

A vulnerability was found in Ivanti Connect Secure, Policy Secure and Neurons for ZTA gateways up to 22.7. It has been classified as critical. Affected is an unknown function. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2025-0283. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

#人工智能 埃隆马斯克承认用于训练人工智能的真实世界 (区别于机器生成) 数据所剩无几，而未来使用合成数据训练模型是发展方向。合成数据即人工智能模型本身产生的数据，马斯克称利用合成数据

随着 TikTok 禁令即将于 2025 年 1 月 19 日生效，TikTok 开始加大推广力度，鼓励美国用户迁移到其姊妹应用 Lemon8。Lemon8 本质上是 TikTok 的备用

随着 TikTok 禁令即将于 2025 年 1 月 19 日生效，TikTok 开始加大推广力度，鼓励美国用户迁移到其姊妹应用 Lemon8。Lemon8 本质上是 TikTok 的备用方案，用户名和粉丝等数据都通用，用户在开通 Lemon8 账号之后其账号链接将会默认显示在 TikTok 个人资料中。用户需要手动编辑才能选择不显示 Lemon8 相关信息。字节跳动此举并不能让其应用免遭被美国下架，因为 TikTok 禁令适用于包括 Lemon8 在内的字节跳动旗下的其它应用。字节跳动可能认为监管机构和应用商店的主要目标是瞄准 TikTok，不太注意它的其它应用。

A vulnerability was found in GitLab Community Edition and Enterprise Edition up to 17.5.4/17.6.2/17.7.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to incorrect user management. The identification of this vulnerability is CVE-2024-13041. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Aklamator INfeed Plugin up to 2.0.0 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-12717. The attack can be initiated remotely. There is no exploit available.

主站 分类 漏洞 工具 极客

Ivanti 公开披露了影响 ICS VPN 设备的两个关键漏洞： CVE-2025-0282 和 CVE-2025-0283。

A vulnerability was found in BU Section Editing Plugin up to 0.9.9 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-12736. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Asgard Security Scanner Plugin up to 0.7 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-12715. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in PostLists Plugin up to 2.0.2 on WordPress. Affected is an unknown function. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to cross site scripting. This vulnerability is traded as CVE-2024-10815. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 17.5.4/17.6.2/17.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to inefficient algorithmic complexity. This vulnerability is known as CVE-2024-6324. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Aklamator INfeed Plugin up to 2.0.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-12731. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in Backlink Monitoring Manager Plugin up to 0.1.3 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-12714. The attack can be initiated remotely. There is no exploit available.

登录 注册

三星准备下个月为其智能手机和平板设备引入 AI Subscription Club 订阅服务，允许消费者租用/订阅 Galaxy 系列智能手机和平板，名字中的 AI 表示它适用于支持 AI 功能的设备。以一次性价格购买有 AI 功能的 Galaxy 设备的用户暂时不受影响，他们可以免费使用 AI 功能至 2025 年年底，但之后是否收费暂时不清楚。该订阅服务的商业模式类似 Netflix 和 Spotify 等流媒体服务。

主站 分类 漏洞 工具 极客

乌克兰黑客组织宣布，他们已经攻破了俄罗斯互联网服务提供商Nodex的网络，并在窃取敏感文件后清空了系统。