Aggregator

A vulnerability was found in Onlinetools.org PHPImageView 1.0 and classified as problematic. The affected element is an unknown function of the file phpimageview.php. Executing manipulation of the argument pic can lead to basic cross site scripting. This vulnerability is handled as CVE-2002-1724. The attack can be executed remotely. There is not any exploit available.

文章描述了一位已知系统密码但缺乏用户名和IP信息的人，在同一WiFi网络下进行道德黑客攻击的情况，且目标已同意。

A vulnerability labeled as problematic has been found in Apache Guacamole up to 1.5.3. This affects an unknown function of the component VNC Handler. The manipulation results in integer overflow. This vulnerability is cataloged as CVE-2023-43826. The attack may be launched remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in GitLab Community Edition and Enterprise Edition up to 18.2.1. Affected is an unknown function. The manipulation results in basic cross site scripting. This vulnerability is reported as CVE-2025-7739. The attack can be launched remotely. No exploit exists. The affected component should be upgraded.

南方电网数字电网集团有限公司是南方电网公司全资子公司，注册资本30亿元，定位为数字电网领域冠军企业及创新平台。现面向内外招聘254人，涉及146个岗位。应聘者需满足基本条件、资格条件及岗位要求，并通过公告报名、简历筛选等程序择优录用。

当前环境出现异常,需完成验证后方可继续访问。

黑产武器库升级版亮相FightFraudCon2025，现场解锁AI诈骗、远程盗刷、充电宝泄密等攻击模式，9.17北京见！

Две дыры в PARTS SOFT CMS связаны и усиливают опасность атак.

A vulnerability, which was classified as problematic, was found in GitLab Community Edition and Enterprise Edition up to 18.1.3/18.2.1. This affects an unknown part. Executing manipulation can lead to basic cross site scripting. The identification of this vulnerability is CVE-2025-6186. The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.

英国实施严格年龄验证后，合法成人网站流量下降，用户转向非法平台。数据显示部分未完善验证机制的网站流量激增。新规要求用户提供身份证明以访问合法内容，但大量用户不愿配合并使用VPN规避限制。

A vulnerability described as critical has been identified in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can lead to buffer overflow. This vulnerability appears as CVE-2025-9812. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as problematic, has been found in Google Android 10.0/11.0/12.0/13.0. The impacted element is an unknown function of the file SettingsState.java. The manipulation leads to resource consumption. This vulnerability is traded as CVE-2023-20908. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Google Android 12.0/13.0 and classified as problematic. Affected by this issue is the function getTrampolineIntent of the file SettingsActivity.java. Performing manipulation results in Local Privilege Escalation. This vulnerability is known as CVE-2023-20904. Attacking locally is a requirement. No exploit is available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 10.0 and classified as critical. This affects the function Mfc_Transceive of the file phNxpExtns_MifareStd.cpp. Executing manipulation can lead to out-of-bounds write. This vulnerability is handled as CVE-2023-20905. It is possible to launch the attack on the local host. There is not any exploit available. Applying a patch is advised to resolve this issue.

Apple秋季发布会将于北京时间9月10日凌晨举行，深圳和广州将举办线下观影活动，包含新品发布、交流环节及抽奖。门票59.9元，限50人，并有会员优惠。

立即查看详情 →

A vulnerability was found in Brokenbytes PhotoDB 1.4. It has been declared as critical. This affects an unknown function of the file secure_inc.php of the component Authentication. The manipulation of the argument Time results in improper authentication. This vulnerability was named CVE-2002-1726. The attack may be performed from remote. There is no available exploit.

A vulnerability identified as problematic has been detected in ASPjar Guestbook 1.0. Affected by this vulnerability is an unknown functionality. Performing manipulation of the argument web site results in basic cross site scripting. This vulnerability is identified as CVE-2002-1729. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Alt-N MDaemon up to 5.0.5 and classified as critical. This impacts an unknown function. The manipulation of the argument Password with the input MServer results in hard-coded credentials. This vulnerability is known as CVE-2002-1738. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

黑客组织Scattered LapSus Hunters威胁谷歌解雇两名安全研究人员并停止调查其组织，否则将泄露谷歌数据库。但近期未发生严重安全事故，且无证据支持威胁真实性，谷歌未回应。