Aggregator
CVE-2015-3301 | TheCartPress eCommerce Shopping Cart up to 1.3.9.2 on WordPress wp-admin/admin.php tcp_box_path path traversal (ID 131673 / EDB-36860)
1 year 3 months ago
A vulnerability was found in TheCartPress eCommerce Shopping Cart up to 1.3.9.2 on WordPress and classified as critical. Affected by this issue is some unknown functionality of the file wp-admin/admin.php. The manipulation of the argument tcp_box_path leads to path traversal.
This vulnerability is handled as CVE-2015-3301. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Oxthiefs
1 year 3 months ago
cohenido
New Ransomware Group Leaks Sensitive Data From Corp Broker Educational Sales And Training
1 year 3 months ago
cohenido
You have received a security assurance plan for the Two Sessions period. Please take a look!
1 year 3 months ago
安全客
Mastering Kubernetes: From Troubleshooting to Simplicity
1 year 3 months ago
Billy Thompson
NVIDIA smuggling: a clever scheme with "disappearing" servers uncovered
1 year 3 months ago
Singapore has exposed a shadow chip-trading network.
CVE-2024-9892 | Add Widget After Content Plugin up to 2.4.6 on WordPress cross site scripting
1 year 3 months ago
A vulnerability was found in Add Widget After Content Plugin up to 2.4.6 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-9892. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-8790 | Social Share with Floating Bar Plugin up to 1.0.3 on WordPress cross site scripting
1 year 3 months ago
A vulnerability was found in Social Share with Floating Bar Plugin up to 1.0.3 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-8790. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-9452 | Branding Plugin up to 1.0 on WordPress SVG File Upload cross site scripting
1 year 3 months ago
A vulnerability was found in Branding Plugin up to 1.0 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component SVG File Upload Handler. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-9452. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-9848 | Product Customizer Light Plugin up to 1.0.0 on WordPress SVG File Upload cross site scripting
1 year 3 months ago
A vulnerability, which was classified as problematic, has been found in Product Customizer Light Plugin up to 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the component SVG File Upload Handler. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-9848. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-9383 | Parcel Pro Plugin up to 1.8.4 on WordPress cross site scripting
1 year 3 months ago
A vulnerability, which was classified as problematic, was found in Parcel Pro Plugin up to 1.8.4 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-9383. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-8740 | Optin Cat GetResponse Forms Plugin up to 2.5.6 on WordPress cross site scripting
1 year 3 months ago
A vulnerability classified as problematic has been found in Optin Cat GetResponse Forms Plugin up to 2.5.6 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-8740. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-8916 | Suki Sites Import Plugin up to 1.2.1 on WordPress SVG File Upload cross site scripting
1 year 3 months ago
A vulnerability classified as problematic was found in Suki Sites Import Plugin up to 1.2.1 on WordPress. Affected by this vulnerability is an unknown functionality of the component SVG File Upload Handler. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-8916. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-9350 | DPD Baltic Shipping Plugin up to 1.2.83 on WordPress cross site scripting
1 year 3 months ago
A vulnerability has been found in DPD Baltic Shipping Plugin up to 1.2.83 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-9350. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CISA Warns of Windows Win32k Vulnerability Exploited to Run Arbitrary code
1 year 3 months ago
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding CVE-2018-8639, a privilege escalation vulnerability in the Microsoft Windows Win32k component, which threat actors are actively exploiting to execute arbitrary code in kernel mode. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, this flaw underscores systemic risks in unpatched systems and the persistent […]
The post CISA Warns of Windows Win32k Vulnerability Exploited to Run Arbitrary code appeared first on Cyber Security News.
Guru Baran
Commentary | Building a Solid Barrier for Financial Data Security
1 year 3 months ago
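The "Measures for the Administration of Data Security of Banking and Insurance Institutions", issued earlier by the National Financial Regulatory Administration, set strict requirements for data security in the banking and insurance industry. They reflect the importance the regulator attaches to financial data security governance, and underline how great the responsibility and how urgent the task of ensuring China's financial data security is.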
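Notice | The National Cybersecurity Standardization Technical Committee seeks public comment on the "Cybersecurity Standard Practice Guide: Personal Information Protection Compliance Audit, Service Capability Requirements for Professional Institutions (Draft for Comment)" (full text attached)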
1 year 3 months ago
The deadline for feedback is before March 17, 2025.
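In Focus | Notification from the National Cyber and Information Security Information Notification Center on security risks in the large-model tool Ollama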
1 year 3 months ago
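Given that large models such as DeepSeek are now very widely researched, deployed and used, and that most users run private deployments with Ollama without changing the default configuration, there are security risks such as data leakage, theft of computing power and service interruption, which can very easily lead to network and data security incidents.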
Expert Interpretation | Hu Jianbo: Accelerate the building of high-quality datasets to drive AI empowerment of industry development
1 year 3 months ago
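With the release of the DeepSeek R1 series of models, a new wave of enthusiasm for artificial intelligence has swept China. Leading companies in telecommunications, internet, automotive, energy, finance, healthcare, technology and other sectors have announced one after another that they are integrating DeepSeek, and large AI models are penetrating all industries at an accelerating pace.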