Aggregator

A vulnerability was found in cssimmon Backup and Restore Plugin up to 1.50 on WordPress. It has been rated as problematic. This issue affects the function ajax_queue_manual_backup. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-12208. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in swarminteractive ViewMedica 9 Plugin up to 1.4.15 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-12170. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in PayGreen Payment Gateway Plugin up to 1.0.26 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation of the argument message_id leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11810. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in deios Financial Stocks & Crypto Market Data Plugin up to 1.10.3 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument e leads to cross site scripting. This vulnerability is handled as CVE-2024-11690. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in sazzadh Image Magnify Plugin up to 1.1 on WordPress and classified as problematic. Affected by this vulnerability is the function image_magnify of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-11445. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in beardev JoomSport Plugin up to 5.6.17 on WordPress. Affected is an unknown function. The manipulation of the argument page leads to cross site scripting. This vulnerability is traded as CVE-2024-12633. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in AXIS Camera Station Pro up to 6.4. This issue affects some unknown processing of the component Audit Log Handler. The manipulation leads to improper output neutralization for logs. The identification of this vulnerability is CVE-2024-7696. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Category Posts Widget Plugin up to 4.9.17 on WordPress. This vulnerability affects unknown code of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9638. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Auction Plugin up to 3.7 on WordPress. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-8857. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Tabs Shortcode Plugin up to 2.0.2 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11606. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in seomantis SEO Keywords Plugin up to 1.1.3 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument google_error leads to cross site scripting. This vulnerability is known as CVE-2024-12126. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in Nextcloud Server up to 28.0.8/29.0.4. This vulnerability affects unknown code. The manipulation leads to improper privilege management. This vulnerability was named CVE-2024-52516. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Nextcloud Server up to 28.0.10/29.0.7/30.0.0. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-52517. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in python-sql. It has been rated as critical. This issue affects some unknown processing of the component Expression Handler. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-9774. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Linux Kernel up to 5.16.3 and classified as critical. Affected by this vulnerability is the function put_unused_fd of the component File Descriptor Handler. The manipulation leads to uncontrolled file descriptor consumption. This vulnerability is known as CVE-2022-48771. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

回顾过去的一年，每个月都有大量的网站系统数据泄漏事件，在暗网出售的只是一部分有价值的内容，相比于空虚的数据安全，更重要的是数据库系统的安全，我们看到面对0day甚至Nday很多安全防护产品都无还手之力

山石网科安全技术研究院2024年度全球重点安全漏洞与事件盘点第二篇

英伟达宣布了 GeForce RTX 50 系列显卡，共四个型号，5090、5080、5070 Ti 和 5070。类似上一代的 RTX 40 系列，英伟达也同时宣布了只支持 RTX 50

英伟达宣布了 GeForce RTX 50 系列显卡，共四个型号，5090、5080、5070 Ti 和 5070。类似上一代的 RTX 40 系列，英伟达也同时宣布了只支持 RTX 50 系列的 DLSS 4。在 DLSS 4 和 4 倍插帧的助力下，英伟达称 RTX 50 系列比 RTX 40 系列提升巨大。和上一代 RTX 4090 类似，英伟达这次也推出了旗舰显卡的中国特供版本 RTX 5090D，主要是大幅降低了其 AI 性能，以满足出口限制。5090D Tensor Core 的 AI 性能从原版 3352 TOPS 减少到 2375 TOPS，降低了三成，而 5080 的 AI 性能是 1801 TOPS。5090D 配备 32GB GDDR7 显存起售价 16499 元，5080 配备 16 GB GDDR7 起售价 8299 元，1 月 30 日上市。

A vulnerability was found in 10Web Form Maker Plugin up to 1.15.30 on WordPress. It has been classified as problematic. Affected is an unknown function of the component Setting Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10562. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.