Aggregator

A vulnerability has been found in astral-sh uv up to 0.8.5 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to interpretation conflict. This vulnerability is known as CVE-2025-54368. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Google 在今年 6 月披露了一种针对 Salesforce 账号的新骗局，两个月后搜索巨人报告它也成为了该骗局的受害者。该骗局是一种社会工程攻击，攻击者滥用了 Salesforce 的一项功能，该功能允许客户关联账户与第三方应用，将数据与用于博客、地图工具和类似资源的内部系统集成。攻击者伪装成 IT 部门直接联络目标要求访问权限，攻击者指示公司员工将外部应用连接到 Salesforce 实例，之后攻击者会要求员工输入 Salesforce 界面的八位数安全码。攻击者随后使用安全码访问该实例及其中存储的所有数据，窃取数据之后高价出售给买家。遭到此类骗局的知名公司包括了阿迪达斯、澳洲航空、安联人寿、思科，LVMH 旗下奢侈品牌路易威登、迪奥和蒂芙尼，现在还有 Google。Google 本周表示它的 Salesforce 实例遭到类似骗局的攻击，数据被窃取。攻击发生在六月份，Google 现在才披露，可能是因为最近才发现，它表示攻击者窃取的大部分数据都是公开的非机密信息。

A vulnerability has been found in Mitel MiCollab up to 10.0 SP1 FP1 and classified as critical. This vulnerability affects unknown code of the component Suite Applications Services. The manipulation leads to sql injection. This vulnerability was named CVE-2025-52914. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Mitel MiCollab up to 9.8 SP2. This affects an unknown part of the component NuPoint Unified Messaging. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2025-52913. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in International Components for Unicode. It has been rated as critical. Affected by this issue is the function utext_setNativeIndex. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2017-7867. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in International Components for Unicode. This affects the function utext_moveIndex32. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2017-7868. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in libblockdev and classified as critical. This issue affects some unknown processing of the component udisks. The manipulation leads to execution with unnecessary privileges. The identification of this vulnerability is CVE-2025-6019. Local access is required to approach this attack. There is no exploit available.

Sixty malicious Ruby gems containing credential-stealing code have been downloaded over 275,000 times since March 2023, targeting developer accounts. [...]

A vulnerability was found in FoxCMS up to 1.2.5 and classified as critical. This issue affects some unknown processing of the file admin/template_file/editFile.html. The manipulation leads to code injection. The identification of this vulnerability is CVE-2025-50692. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in XODA 0.4.5 and classified as critical. Affected by this issue is the function Upload of the component POST Request Handler. The manipulation leads to unrestricted upload. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2012-10045. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Zenoss Core 3.x. It has been declared as critical. Affected by this vulnerability is the function Popen of the file ZenossInfo.py of the component showdaemonXMLConfig Endpoint. The manipulation of the argument daemon leads to path traversal. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2012-10048. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in WPO WebPageTest up to 2.6. Affected is an unknown function of the file resultimage.php. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2012-10049. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Imagination Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/25.1 RTM1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to use after free. This vulnerability is handled as CVE-2025-46709. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Imagination Graphics DDK up to 1.15 RTM/1.17 RTM/1.18 RTM/24.3 RTM/25.1 RTM0. This affects an unknown part of the component Trusted Execution Environment. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is uniquely identified as CVE-2025-6573. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

某NET窃密样本动态去混淆解密分析

白矮星通常是类太阳恒星在燃料耗尽之后塌缩留下的致密核心，质量通常为太阳的一半，最高不超过 1.44 倍太阳质量，超过这一上限会爆炸或塌缩成中子星。大质量白矮星 WD 0525+526 质量是太阳的 1.2 倍，研究发现它并非是恒星塌缩而是双星合并的结果。WD 0525+526 与其它白矮星不同之处包括大气中有微弱的碳信号，低碳含量以及超高温（表面温度约太阳的四倍）表明这颗白矮星处于合并后演化较早的阶段。

这篇文章探讨了Dell ControlVault的安全漏洞及其潜在风险。研究者通过分析ControlVault的固件和通信机制，发现了多个漏洞，包括未加密的固件、堆溢出和栈溢出等问题。这些漏洞可能导致本地权限提升或绕过指纹验证。文章还展示了如何通过篡改固件实现系统级攻击，并讨论了物理攻击的可能性。最终强调了硬件安全解决方案的复杂性和潜在风险。

探讨如何利用逆向工程在Windows平台创业的方法和商业机会。

数字取证科学涉及从数字设备中恢复和调查材料，主要用于计算机犯罪调查。该领域应用信息安全原则，通过审计流程进行归属和事件重建。相关社区不仅限于个人电脑，还包括手机、视频等多种媒体。

A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-8815. It is possible to launch the attack remotely. Furthermore, there is an exploit available. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.