Aggregator

JetBrains推出优惠活动，用户可免费领取全家桶一年订阅，包含IntelliJ IDEA Ultimate等产品。领取需输入邮箱兑换并注册账户，激活后可取消订阅避免续费。兑换码已用尽。

A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument session leads to sql injection. This vulnerability is handled as CVE-2025-6915. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in code-projects Online Hotel Booking 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/registration.php. The manipulation of the argument uname leads to sql injection. This vulnerability was named CVE-2025-6917. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in qodeinteractive Qi Addons for Elementor Plugin up to 1.9.1 on WordPress. This affects an unknown part. The manipulation of the argument several leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-6252. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Orkes Conductor up to 3.21.11. This affects an unknown part. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-26074. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in Flock Safety License Plate Reader up to 2.2. Affected by this vulnerability is an unknown functionality. The manipulation leads to use of hard-coded password. This vulnerability is known as CVE-2025-47823. It is possible to launch the attack on the physical device. There is no exploit available.

A vulnerability, which was classified as critical, was found in TB-eye XRN-410SN, XRN-810SN, XRN-1610SN, PRN-4011N, HRX-421FN, HRX-821, HRX-1621, HRX-435FN, HRX-835, HRX-1635, XRN-425SFN, XRN-426S, XRN-820S, XRN-1620S, XRN-3210R, XRN-6410R and XRN-6410DR. Affected is an unknown function. The manipulation leads to os command injection. This vulnerability is traded as CVE-2025-36529. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Game Users Share Buttons Plugin up to 1.3.0 on WordPress and classified as critical. Affected by this issue is the function ajaxDeleteTheme. The manipulation of the argument themeNameId leads to path traversal. This vulnerability is handled as CVE-2025-6755. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /large.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-6937. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Flock Safety Gunshot Detection up to 1.2 and classified as critical. This vulnerability affects unknown code. The manipulation leads to on-chip debug and test interface with improper access control. This vulnerability was named CVE-2025-47819. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

这篇文章介绍了错误代码521的原因及解决方法。该错误通常由DNS服务器问题或网络配置错误引起。常见解决方法包括检查网络连接、重启路由器、清除DNS缓存以及联系ISP或技术支持以排查更严重的问题。

HackerNews 编译，转载请注明出处： 丹麦政府计划修订版权法，赋予公民对其身体、面部特征及声音的专属权利，以打击AI生成的深度伪造内容。这项被认为是欧洲首创的立法已获议会九成议员支持，将于夏季休会前启动公众咨询，秋季正式提交修正案。 文化部长雅各布·恩格尔-施密特（Jakob Engel-Schmidt）强调，新法案旨在明确个人对自身生物特征数据的所有权。他直言：“现行法律未能有效保护民众免受生成式AI的侵害，人类正被置于数字复印机中遭到滥用，我绝不容忍这种现象。” 新法核心条款包括： 删除权保障：公民可要求平台下架未经同意分享的深度伪造内容。 艺术表演保护：禁止未经许可制作“逼真数字仿制的艺术表演”，违者需赔偿受害者。 例外情形：戏仿与讽刺作品不受新规限制，创作自由仍受保护。 针对科技平台合规性，恩格尔-施密特警告拒不配合者将面临“严厉罚款”，并计划在丹麦即将接任欧盟轮值主席国期间，向各成员国推广此立法模式。他透露：“若平台消极应对，欧盟委员会或将介入处理。”       消息来源： securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文  

A vulnerability was found in ARM mbed TLS up to 2.16.11/2.27.x/3.0.0 and classified as critical. This issue affects the function mbedtls_ssl_set_session. The manipulation leads to double free. The identification of this vulnerability is CVE-2021-44732. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in mbed TLS up to 2.28.1/3.2.x. Affected by this vulnerability is an unknown functionality of the component RSA Private Key Handler. The manipulation of the argument MBEDTLS_MPI_WINDOW_SIZE leads to information exposure through discrepancy. This vulnerability is known as CVE-2022-46392. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in ARM Mbed TLS 2.24.0. This vulnerability affects unknown code of the component BASE64 PEM File Decoding. The manipulation leads to information exposure through discrepancy. This vulnerability was named CVE-2021-24119. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in ARM mbed TLS up to 3.0.0 and classified as problematic. Affected by this issue is the function mbedtls_pkcs12_derivation of the component Password Length Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2021-43666. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Mbed TLS up to 2.16.10/2.26.x. Affected by this vulnerability is the function mbedtls_mpi_exp_mod of the file lignum.c. The manipulation leads to risky cryptographic algorithm. This vulnerability is known as CVE-2021-36647. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

苹果计划推出搭载A18 Pro芯片的13英寸MacBook入门款设备，价格更低且适合简单办公和网页浏览任务。该设备预计于年底或明年年初上市，并将与Windows PC和Chromebook竞争教育及中低端市场。

文章描述了错误代码521的原因及解决方法。

HackerNews 编译，转载请注明出处： 美国网络安全和基础设施安全局（CISA）已将编号为 CVE-2025-6543 的 Citrix NetScaler 漏洞纳入其 已知被利用漏洞目录（KEV Catalog）。该漏洞为内存溢出类型（CVSS 评分 9.2），当 NetScaler ADC 或 NetScaler Gateway 配置为网关（含 VPN 虚拟服务器、ICA 代理、CVPN、RDP 代理）或 AAA 虚拟服务器时，可能引发非预期控制流并导致服务拒绝（DoS），破坏系统可用性。 受影响版本包括： NetScaler ADC 13.1-FIPS 及 NDcPP 版本低于 13.1-37.236-FIPS and NDcPP NetScaler ADC 与 Gateway 14.1 版本低于 14.1-47.46 NetScaler ADC 与 Gateway 13.1 版本低于 13.1-59.19 根据 BOD 22-01 指令（降低已知被利用漏洞重大风险），联邦民事行政部门（FCEB）机构需在截止日期前修复漏洞以防范攻击。CISA 要求联邦机构最晚于 2025 年 7 月 21 日完成修复，同时强烈建议私营企业自查并修复此漏洞。 历史关联行动： 2024 年 1 月，CISA 曾将另两个 Citrix NetScaler 漏洞 CVE-2023-6548（代码注入）和 CVE-2023-6549（缓冲区溢出）纳入 KEV 目录。Citrix 当时警告称，未修复设备上已发现针对这两项零日漏洞的攻击，敦促用户立即安装更新版本。       消息来源： securityaffairs； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文