Aggregator
Kernel maintainer says Linus Torvalds will merge Rust code over their objections
1 year 4 months ago
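Linux kernel developers continue to debate on the mailing list whether to merge Rust code. Christoph Hellwig, maintainer of the DMA mapping helpers, is firmly in the anti-Rust camp; he argues that introducing Rust code into the kernel creates fragmentation and increases the burden on maintainers. Hellwig considers the Rust kernel policy web page created by Miguel Ojeda to be of little use, and says Linus Torvalds has privately stated that he will merge Rust code over maintainers' objections. So as of now, a Linux developer or maintainer has to deal with Rust whether they want to or not. The rule now is that Linus can force you to do whatever he wants (Linux is clearly his project), "I think he needs to spell that out very clearly, including the expectations for contributors."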
Russian APT groups use malicious QR codes to hijack Signal accounts
1 year 4 months ago
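Russian APT groups are abusing Signal's "linked devices" feature to hijack accounts through malicious QR codes and eavesdrop on secure conversations, threatening the Ukrainian military and individual users; the technique may spread to other messaging platforms.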
Spies Eye AUKUS Nuclear Submarine Secrets, Australia’s Intelligence Chief Warns
1 year 4 months ago
The head of the Australian Security Intelligence Organisation gave his Annual Threat Assessment for the year ahead
Lynx
1 year 4 months ago
cohenido
Flocker
1 year 4 months ago
cohenido
Kill
1 year 4 months ago
cohenido
Kill
1 year 4 months ago
cohenido
Qilin
1 year 4 months ago
cohenido
New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection
1 year 4 months ago
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain.
Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year.
"Typically delivered through phishing emails containing malicious attachments or links,
The Hacker News
OpenSSH bugs allow Man-in-the-Middle and DoS Attacks
1 year 4 months ago
Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions. The Qualys Threat Research Unit (TRU) has discovered two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465 (CVSS score: 6.8) can be exploited by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The […]
Pierluigi Paganini
Qilin
1 year 4 months ago
cohenido
CVE-2025-0916 | yaycommerce YaySMTP and Email Logs Plugin up to 2.6.2 on WordPress Any SMTP Service wp_kses_post cross site scripting
1 year 4 months ago
A vulnerability was found in yaycommerce YaySMTP and Email Logs Plugin up to 2.6.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function wp_kses_post of the component Any SMTP Service. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2025-0916. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-13534 | enituretechnology Small Package Quotes Plugin up to 5.2.18 on WordPress edit_id/dropship_edit_id sql injection
1 year 4 months ago
A vulnerability was found in enituretechnology Small Package Quotes Plugin up to 5.2.18 on WordPress and classified as critical. This issue affects some unknown processing. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection.
The identification of this vulnerability is CVE-2024-13534. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-13533 | enituretechnology Small Package Quotes Plugin up to 1.3.5 on WordPress edit_id sql injection
1 year 4 months ago
A vulnerability was found in enituretechnology Small Package Quotes Plugin up to 1.3.5 on WordPress. It has been classified as critical. Affected is an unknown function. The manipulation of the argument edit_id leads to sql injection.
This vulnerability is traded as CVE-2024-13533. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-0968 | xpeedstudio ElementsKit Elementor Addons Plugin up to 3.4.0 on WordPress get_megamenu_content access control
1 year 4 months ago
A vulnerability has been found in xpeedstudio ElementsKit Elementor Addons Plugin up to 3.4.0 on WordPress and classified as critical. This vulnerability affects the function get_megamenu_content. The manipulation leads to improper access controls.
This vulnerability was named CVE-2025-0968. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-13491 | enituretechnology Small Package Quotes Plugin up to 4.3.1 on WordPress edit_id/dropship_edit_id sql injection
1 year 4 months ago
A vulnerability, which was classified as critical, was found in enituretechnology Small Package Quotes Plugin up to 4.3.1 on WordPress. This affects an unknown part. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection.
This vulnerability is uniquely identified as CVE-2024-13491. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-13485 | enituretechnology LTL Freight Quotes Plugin up to 3.3.7 on WordPress edit_id/dropship_edit_id sql injection
1 year 4 months ago
A vulnerability, which was classified as critical, has been found in enituretechnology LTL Freight Quotes Plugin up to 3.3.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection.
This vulnerability is handled as CVE-2024-13485. The attack may be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-13483 | enituretechnology LTL Freight Quotes Plugin up to 2.2.10 on WordPress edit_id/dropship_edit_id sql injection
1 year 4 months ago
A vulnerability classified as critical was found in enituretechnology LTL Freight Quotes Plugin up to 2.2.10 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection.
This vulnerability is known as CVE-2024-13483. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2024-13481 | enituretechnology LTL Freight Quotes Plugin up to 3.3.4 on WordPress edit_id/dropship_edit_id sql injection
1 year 4 months ago
A vulnerability classified as critical has been found in enituretechnology LTL Freight Quotes Plugin up to 3.3.4 on WordPress. Affected is an unknown function. The manipulation of the argument edit_id/dropship_edit_id leads to sql injection.
This vulnerability is traded as CVE-2024-13481. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com