Aggregator

A vulnerability was found in Pagure. It has been rated as critical. Affected by this issue is the function _update_file_in_git of the component Temporary Clone Handler. The manipulation leads to symlink following. This vulnerability is handled as CVE-2024-4981. The attack needs to be done within the local network. There is no exploit available.

A vulnerability was found in Cisco Prime Access Registrar and classified as problematic. Affected by this issue is some unknown functionality of the component Web-based Management Interface. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2022-20626. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Webex Meetings. It has been declared as problematic. This vulnerability affects unknown code of the component Web-based Interface. The manipulation leads to basic cross site scripting. This vulnerability was named CVE-2022-20654. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Cisco Data Center Network Manager 12.1.2e/12.1.2p/12.1.3b. It has been rated as critical. This issue affects some unknown processing of the component Web-based Management Interface/REST API Endpoint. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2024-20536. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

As autonomous vehicles continue to evolve, new research highlights the importance of rigorous security testing to protect against both intentional attacks and unintentional unsafe commands in teleoperation systems.

谷歌 Gemini 推出新功能，用户可通过简单描述记忆或创意生成包含精美插画和旁白音频的10页故事书。该工具支持高度自定义，可上传照片、文件或从 Gemini 获取灵感。生成时间仅需约1分钟，适用于为儿童或成人创作绘本，并可通过 Gemini 网页版轻松创建。

无论过去发生过什么，你都要相信，最好的尚未到来现在来聊聊这10个内网穿透工具，它们既包括免费开源的，也有咱国

当前环境出现异常,需完成验证后方可继续访问。

HTTP/1.1协议存在致命漏洞，数千万网站面临恶意接管风险。攻击者利用去同步化技术构造恶意请求，导致反向代理与后端服务器解析分歧，引发数据泄露、代码注入等严重后果。升级至HTTP/2是唯一解决方案，但主流厂商尚未支持HTTP/2上游连接，网站仍暴露风险中。

当前环境出现异常,需完成验证后方可继续访问。

特朗普与苹果公司将宣布新增 1000 亿美元美国投资；理想 i8 碰撞测试事件三方联合声明；全新小鹏 P7 预售 6 分 37 秒，小订突破 10000 台

当前环境出现异常，需完成验证后方可继续访问。

“钓鱼”网站的“潮汐”规律

文章指出当前环境异常，需完成验证后才能继续访问。

2025年9月5日，CSOP 深圳站议程公开！

ProtectMyTooling A script that wraps around a multitude of packers, protectors, obfuscators, shellcode loaders, encoders, and generators to produce complex protected Red Team implants. Your perfect companion in Malware Development CI/CD pipeline, helping watermark...

The post ProtectMyTooling: Multi-Packer wrapper letting us daisy-chain various packers, obfuscators appeared first on Penetration Testing Tools.

在三个月的数据收集期间，DShield传感器发现巴拿马来源占总攻击流量的65%以上。进一步分析显示这些攻击来自NForce Entertainment B.V.的/24子网及ASN 43350。该ISP常出租IP给高风险VPN和代理服务，并与钓鱼、恶意软件活动相关联。建议网络防御者采取措施包括标记特定流量、阻止远程桌面协议、监控SSH活动及部署Web应用防火墙以应对威胁。

大疆发布ROMO扫拖机器人，售价4399元起；OpenAI推出开源GPT模型；Anthropic升级Claude Opus 4.1；CHERRY推出三款KW系列键盘。

A vulnerability was found in Moodle up to 4.1.15/4.3.9/4.4.5/4.5.1. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2025-26531. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Couchbase Sync Gateway up to 3.2.5. Affected by this issue is some unknown functionality of the file sgcollect_info_options.log. The manipulation leads to missing encryption of sensitive data. This vulnerability is handled as CVE-2025-52490. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.