Aggregator
Call for Topics | Topic submissions open for the 10th 「度安讲」 technical salon, "Defense in Depth · Ultra-Intelligent Operations"!
1 year 3 months ago
Weekly Recommendations of High-Quality Cybersecurity PDF Resources | FreeBuf 知识大陆
1 year 3 months ago
We have selected 10 high-quality resources publicly released on 知识大陆 this week; let's take a look.
CVE-2024-11436 | Drag & Drop Builder Plugin up to 1.4.19 on WordPress cross site scripting
1 year 3 months ago
A vulnerability, which was classified as problematic, was found in Drag & Drop Builder Plugin up to 1.4.19 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2024-11436. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-11904 | 코드엠샵 소셜톡 Plugin up to 1.2.0 on WordPress cross site scripting
1 year 3 months ago
A vulnerability was found in 코드엠샵 소셜톡 Plugin up to 1.2.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-11904. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-12257 | CardGate Payments for WooCommerce Plugin up to 3.2.1 on WordPress cross site scripting
1 year 3 months ago
A vulnerability, which was classified as problematic, has been found in CardGate Payments for WooCommerce Plugin up to 3.2.1 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting.
This vulnerability is handled as CVE-2024-12257. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-11943 | 워드프레스 결제 심플페이 우커머스 결제 플러그인 Plugin up to 5.2.2 on WordPress add_query_arg cross site scripting
1 year 3 months ago
A vulnerability has been found in 워드프레스 결제 심플페이 우커머스 결제 플러그인 Plugin up to 5.2.2 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation of the argument add_query_arg leads to cross site scripting.
This vulnerability was named CVE-2024-11943. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-48703 | PHPGurukul Medical Card Generation System 1.0 search-medicalcard.php searchdata cross site scripting
1 year 3 months ago
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/search-medicalcard.php. The manipulation of the argument searchdata leads to cross site scripting.
This vulnerability is handled as CVE-2024-48703. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-12326 | Jirafeau up to 4.6.0 SVG File cross site scripting
1 year 3 months ago
A vulnerability, which was classified as problematic, was found in Jirafeau up to 4.6.0. Affected is an unknown function of the component SVG File Handler. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-12326. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
1 year 3 months ago
Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies.
"The threat actor then demonstrated their ability to persist in target environments across equipment from multiple
The Hacker News
Study finds Jining First People's Hospital in Shandong has the world's highest retraction rate
1 year 3 months ago
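At the end of December 2021, Jining First People's Hospital in Shandong issued a notice stating that it had penalized 35 researchers suspected of paper fraud. Young doctors at the hospital had bought fake papers from paper mills to meet the requirements for their jobs and for promotion to higher titles. An investigation by the Nature news team found that Jining First People's Hospital is the institution with the highest retraction rate in the world. From 2014 to 2024, more than 100 of the papers published by the hospital, accounting for 5% of its total, were retracted. This retraction rate is an order of magnitude higher than the average for China as a whole and 50 times the world average. Seven of the ten institutions with the highest retraction rates are from China, including Cangzhou Central Hospital in Hebei in second place, Huaihe Hospital of Henan University in third, Weifang People's Hospital in fifth, Linyi People's Hospital in sixth, the First Affiliated Hospital of Xinxiang Medical University in eighth, and Qiqihar Medical University in ninth. The other three institutions are from India, Pakistan and Ethiopia.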
Google's new tracking system bypasses VPN and Tor
1 year 3 months ago
The company is introducing identification technology that cannot be disabled.
CVE-1999-0669 | Microsoft Internet Explorer 5.0 Eyedog ActiveX Control privileges management (EDB-19487 / XFDB-3669)
1 year 3 months ago
A vulnerability was found in Microsoft Internet Explorer 5.0. It has been declared as critical. This vulnerability affects unknown code of the component Eyedog ActiveX Control. The manipulation leads to improper privilege management.
This vulnerability was named CVE-1999-0669. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Interlock
1 year 3 months ago
cohenido
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
1 year 3 months ago
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
The Hacker News
FreeBuf Weekly | Musk's DOGE website database has a vulnerability; high-severity vulnerability disclosed in OpenSSH
1 year 3 months ago
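A summary and recommendation of this week's hot news and best articles of the week, so that you don't miss any of this week's key points!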
CISA Issues Seven ICS Advisories Highlighting Critical Vulnerabilities
1 year 3 months ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released seven Industrial Control Systems (ICS) advisories on February 20, 2025, addressing critical vulnerabilities in products from ABB, Siemens, Mitsubishi Electric, and other industrial technology providers. These advisories underscore escalating risks to operational technology (OT) environments, where flaws in safety controllers, human-machine interfaces (HMIs), and protocol analyzers […]
The post CISA Issues Seven ICS Advisories Highlighting Critical Vulnerabilities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Anupriya