通过两字节修改实现的Windows内核函数Hook框架
看雪论坛作者ID:restme
Aggregator
印度严重的空气污染无意中起到了降温作用
10 months 2 weeks ago
印度面临一个矛盾的选择。过去十年是印度有记录以来最热的十年,但它每十年平均气温只上升 0.09C,相比下全球是 0.30C。原因是印度严重的空气污染无意中起到了降温作用,污染空气阻挡了太阳辐射,增加了云层的反射率。如果加大措施清洁空气,将会加大气温上升幅度,而热浪在日益加剧。印度至今只有十分之一的家庭安装有空调,相比下中国和马来西亚的空调比例分别为三分之二和五分之四。与此同时,印度的制冷系统在热浪期间占电力总需求的五分之一,大部分电力由燃煤火电厂提供,这又加剧了印度的污染问题。
CVE-2025-4659 | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms Plugin information disclosure
10 months 2 weeks ago
A vulnerability classified as problematic was found in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms Plugin up to 1.4.4 on WordPress. This vulnerability affects unknown code. The manipulation leads to information disclosure.
This vulnerability was named CVE-2025-4659. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-5259 | Minimal Share Buttons Plugin up to 1.7.3 on WordPress align cross site scripting
10 months 2 weeks ago
A vulnerability has been found in Minimal Share Buttons Plugin up to 1.7.3 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument align leads to cross site scripting.
This vulnerability is known as CVE-2025-5259. The attack can be launched remotely. There is no exploit available.
vuldb.com
CVE-2025-48865 | Fabio up to 1.6.5 Header data authenticity
10 months 2 weeks ago
A vulnerability was found in Fabio up to 1.6.5. It has been classified as critical. This affects an unknown part of the component Header Handler. The manipulation leads to insufficient verification of data authenticity.
This vulnerability is uniquely identified as CVE-2025-48865. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-46352 | Consilium Safety CS5000 Fire Panel VNC Server hard-coded credentials (icsa-25-148-03)
10 months 2 weeks ago
A vulnerability classified as very critical has been found in Consilium Safety CS5000 Fire Panel. Affected is an unknown function of the component VNC Server. The manipulation leads to hard-coded credentials.
This vulnerability is traded as CVE-2025-46352. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-5236 | NinjaTeam Chat for Telegram Plugin up to 1.1 on WordPress Username cross site scripting
10 months 2 weeks ago
A vulnerability classified as problematic has been found in NinjaTeam Chat for Telegram Plugin up to 1.1 on WordPress. Affected is an unknown function. The manipulation of the argument Username leads to cross site scripting.
This vulnerability is traded as CVE-2025-5236. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-48491 | aryan6673 project-ai prior pre-beta API Key hard-coded credentials
10 months 2 weeks ago
A vulnerability classified as critical has been found in aryan6673 project-ai. This affects an unknown part of the component API Key. The manipulation leads to hard-coded credentials.
This vulnerability is uniquely identified as CVE-2025-48491. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-48490 | Lomkit laravel-rest-api up to 2.12.x improper authorization (GHSA-69rh-hccr-cxrj)
10 months 2 weeks ago
A vulnerability, which was classified as critical, was found in Lomkit laravel-rest-api up to 2.12.x. Affected is an unknown function. The manipulation leads to improper authorization.
This vulnerability is traded as CVE-2025-48490. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-4695 | PHPGurukul/Campcodes Cyber Cafe Management System 1.0 /add-users.php uadd sql injection (EUVD-2025-15153)
10 months 2 weeks ago
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection.
This vulnerability is traded as CVE-2025-4695. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
NightSpire
10 months 2 weeks ago
You must login to view this content
cohenido
Safari Flaw Exploited by BitM Attack to Steal User Login Data
10 months 2 weeks ago
A new wave of phishing attacks, known as Fullscreen Browser-in-the-Middle (BitM) attacks, is exploiting browser features to steal user credentials with unprecedented stealth. Unlike traditional phishing, which relies on fake websites and visible clues, BitM attacks leverage remote browser sessions and the Fullscreen API to create convincing overlays that mask all browser interface elements, including […]
The post Safari Flaw Exploited by BitM Attack to Steal User Login Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Anupriya
YouTube могут вернуть в Россию: названы условия
10 months 2 weeks ago
Кнопка «плей» в России не нажмётся без оплаты долгов.
微软 OneDrive File Picker缺陷导致应用获取完整的云访问权限
10 months 2 weeks ago
暂无修复方案
苹果Safari 漏洞使用户易遭全屏中间浏览器攻击
10 months 2 weeks ago
速修复
Уроки литературы — ИИ пишет сочинения, уроки жизни — ломает детскую психику
10 months 2 weeks ago
Подростки «нюдифайят» друг друга, а взрослые не знают, что делать.
Next.js Dev Server Vulnerability Leads to Developer Data Exposure
10 months 2 weeks ago
A recently disclosed vulnerability, CVE-2025-48068, has raised concerns among developers using the popular Next.js framework. This flaw, affecting versions 13.0.0 through 15.2.1 when the App Router is enabled, allows attackers to exploit the development server via Cross-site WebSocket Hijacking (CSWSH), potentially exposing sensitive application source code. The issue has been addressed in version 15.2.2, but […]
The post Next.js Dev Server Vulnerability Leads to Developer Data Exposure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Anupriya
白宫的健康报告被发现部分内容是大模型生成的
10 months 2 weeks ago
白宫“Make America Healthy Again”委员会上周发布了一份报告,声称为一系列儿童健康问题提供了“清晰的、基于证据的基础”。然而报告被发现援引了一系列不存在研究,显而易见是大模型生成的。本周四白宫更新了报告修正了内容。Retraction Watch 联合创始人 Ivan Oransky 博士表示,假的参考文献并不意味着报告中的基本事实是不正确的,但此事表明在报告发布之前,缺乏对报告及其参考文献的严格审查和核实。美国现任卫生部长是反疫苗者,而白宫的这份报告也声称部分儿童疫苗可能是有害的——医生对此观点表达了异议。
CVE-2025-5365 | Campcodes Online Hospital Management System 1.0 patient-search.php searchdata sql injection
10 months 2 weeks ago
A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-5365. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-5364 | Campcodes Online Hospital Management System 1.0 /doctor/add-patient.php patname sql injection
10 months 2 weeks ago
A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /doctor/add-patient.php. The manipulation of the argument patname leads to sql injection.
This vulnerability is handled as CVE-2025-5364. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com