Aggregator

一系列蛙军研究我军的资料。

著名自由软件相关法务博客 Groklaw 在停止更新十多年后变成了一个推销加密货币的网站。Groklaw 曾经记录了开源自由软件历史上著名的法律事件如 SCO 诉讼，以及软件专利、标准、授权等相关主题的内容，如今在加密货币产品的广告中间只有部分内容仍然保留着，其它内容都被替换了，自由软件历史的一个重要组成部分被破坏了。在数字时代，有些东西只有失去了我们才注意到其重要性，记录历史的互联网档案馆是某种单点故障，也可能在有一天消失。保护数字历史是目前的一大紧迫任务。

A vulnerability was found in Scholl Communications AG Weblication CMS 019.004.000.000. It has been rated as problematic. The impacted element is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-52161. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Smart Search & Filter Shopify App 1.0. It has been declared as problematic. The affected element is an unknown function. Executing manipulation of the argument filter can lead to cross site scripting. This vulnerability appears as CVE-2025-55998. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in MLEHMANN JSON::XS up to 4.03 on Perl. It has been classified as critical. Impacted is an unknown function. Performing manipulation results in heap-based buffer overflow. This vulnerability is reported as CVE-2025-40928. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

A vulnerability was found in PJUHASZ JSON::SIMD up to 1.06 on Perl and classified as critical. This issue affects some unknown processing. Such manipulation leads to heap-based buffer overflow. This vulnerability is documented as CVE-2025-40930. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in RURBAN Cpanel::JSON::XS up to 4.39 on Perl and classified as critical. This vulnerability affects unknown code. This manipulation causes heap-based buffer overflow. This vulnerability is registered as CVE-2025-40929. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Microsoft Windows up to Server 2025. This affects an unknown part of the component WDAC Policy. The manipulation results in incomplete blacklist. This vulnerability is cataloged as CVE-2025-59033. The attack may be launched remotely. There is no exploit available. The existence of this vulnerability is still disputed at present.

A vulnerability, which was classified as critical, has been found in Microsoft Windows. Affected by this issue is some unknown functionality of the component On-Endpoint Vulnerable Driver Handler. The manipulation leads to incomplete blacklist. This vulnerability is listed as CVE-2022-50238. The attack must be carried out locally. There is no available exploit. The actual existence of this vulnerability is currently in question.

Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June 2025. It's currently not known how the digital intruders gained access to the GitHub account.

A vulnerability classified as critical was found in D-Link DIR-823X up to 250416. Affected by this vulnerability is the function sub_415028 of the file /goform/set_static_leases. Executing manipulation of the argument Hostname can lead to command injection. This vulnerability is tracked as CVE-2025-10123. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as critical has been found in Maccms10 2025.1000.4050. Affected is the function rep of the file application/admin/controller/Database.php. Performing manipulation of the argument where results in sql injection. This vulnerability is identified as CVE-2025-10122. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #645712 / VDB-323093

Submit #645702 / VDB-323092

A vulnerability described as critical has been identified in ruisibi rsbi-os 4.7. This impacts an unknown function of the file /rsbi/model/testDataSource.action of the component sqlite-jdbc. Such manipulation leads to privilege escalation. This vulnerability is referenced as CVE-2025-57141. It is possible to launch the attack remotely. No exploit is available.

过量饮酒损害肝脏已非秘密。根据发表在《自然》期刊上的一项研究，长期饮酒还会帮助肠道细菌更容易攻击肝脏。加州圣迭戈的研究人员分析了人类肝组织活检样本和酒精相关肝病的小鼠模型，发现长期饮酒会损害小肠中名为 mAChR4 的细胞信号传导蛋白的产生，而低水平的 mAChR4 会干扰名为 goblet cell-associated antigen passages(GAPs)通道的形成，GAP 通道对引导免疫系统对微生物——尤其是从肠道逃逸到人体其它器官的微生物——做出响应上起到重要作用。研究人员发现，如果恢复 mAChR4 的功能，GAP 通道会再次形成，有助于修复免疫系统对肠道细菌的反应，从而能减轻对肝脏的损害。

Wealthsimple confirmed a third-party vendor data breach affecting roughly 30,000 customers

A vulnerability marked as critical has been reported in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes sql injection. The identification of this vulnerability is CVE-2025-10121. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.