Aggregator

Взломать iPhone больше не получится. Совсем. Наверное.

Microsoft announced that, starting today, individual Windows developers will no longer have to pay for publishing their applications on the Microsoft Store. [...]

Pixel 10 adds C2PA to camera and Photos, helping users verify authenticity and spot AI-generated or altered images. Pixel 10 integrates C2PA Content Credentials into the camera and Photos, allowing users to verify whether images are real or AI-generated, or edited. The company announced the integration of the new feature during the Made by Google […]

The threats may not be malicious, but they are more than many security teams can handle.

A vulnerability classified as problematic has been found in TransWARE Active! Mail 1.422/2.0. This impacts an unknown function of the component Mail Header Handler. Performing manipulation results in basic cross site scripting. This vulnerability is known as CVE-2002-0950. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as problematic has been discovered in Splatt Forum 3.0. The impacted element is an unknown function of the component IMG Tag Handler. The manipulation results in basic cross site scripting. This vulnerability is cataloged as CVE-2002-0959. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in PGP Address up to 0.2. Affected by this issue is some unknown functionality of the file globals.php. The manipulation of the argument LangCookie results in improper privilege management. This vulnerability was named CVE-2002-0953. The attack may be performed from remote. In addition, an exploit is available. You should upgrade the affected component.

A vulnerability described as critical has been identified in Telindus ADSL Router 1110. This affects an unknown function of the component UDP Service. Such manipulation leads to information disclosure (Password). This vulnerability is traded as CVE-2002-0949. The attack may be launched remotely. Furthermore, there is an exploit available.

pickle配合types.CodeType实现接管任意函数，修改函数任意代码逻辑（类似内存马

A vulnerability classified as critical was found in Oracle9i 9.0/9.0.1/9.0.2. This affects an unknown part of the component TNS Listener. The manipulation of the argument SERVICE_NAME results in memory corruption. This vulnerability is known as CVE-2002-0965. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in AnalogX SimpleServer:WWW up to 1.16 and classified as critical. Impacted is an unknown function of the component HTTP Method Handler. Performing manipulation results in memory corruption. This vulnerability was named CVE-2002-0968. The attack may be initiated remotely. In addition, an exploit is available. The affected component should be upgraded.

A vulnerability was found in PHP up to 4.2.2 and classified as critical. This issue affects the function mail of the component ASCII Control Character Handler. The manipulation results in improper privilege management. This vulnerability is reported as CVE-2002-0986. The attack can be launched remotely. Moreover, an exploit is present. It is suggested to upgrade the affected component.

The largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but attackers made little profit off it. [...]

Кажется, обычные бактерии только что уделали физиков из лучших лабораторий мира.

A vulnerability categorized as problematic has been discovered in Cisco Evolved Programmable Network Manager and Prime Infrastructure. This impacts an unknown function of the component Web-based Management Interface. Such manipulation leads to file inclusion. This vulnerability is documented as CVE-2025-20269. The attack can be executed remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in michaelliao itranswarp up to 2.19. This issue affects the function doFilter. This manipulation causes improper access controls. This vulnerability appears as CVE-2025-28041. The attacker needs to be present on the local network. There is no available exploit.

A vulnerability has been found in O2OA up to 10.0-410 and classified as problematic. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-9680. The attack can be initiated remotely. Additionally, an exploit exists. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."

A vulnerability has been found in GalleryVault Gallery Vault App up to 4.5.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.thinkyeah.galleryvault. The manipulation leads to improper export of android application components. This vulnerability is referenced as CVE-2025-9695. The attack can only be performed from a local environment. Furthermore, an exploit is available.