Aggregator

A vulnerability, which was classified as critical, was found in MyWebServer 1.0.1/1.0.2. The impacted element is an unknown function of the component HTTP GET Request Handler. Executing manipulation can lead to memory corruption. This vulnerability is handled as CVE-2002-1003. The attack can be executed remotely. There is not any exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability was found in ArGoSoft Mail Server up to 1.8.1.7 and classified as problematic. This impacts an unknown function of the component Forward Email Handler. The manipulation results in infinite loop. This vulnerability was named CVE-2002-1005. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in BBC Education Betsie up to 1.5.11. It has been classified as problematic. Affected is an unknown function of the file parserl.pl. This manipulation causes basic cross site scripting. The identification of this vulnerability is CVE-2002-1006. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

全球变暖可能会影响以含糖饮料和冷冻甜品形式增加的添加糖摄入量，尤其是在社会经济地位较低的人群中。在12℃~30℃ 的范围内每升高 1℃，每人每天的添加糖摄入就会增加 0.70 克。研究结果提示应缓解在未来气候变化情景下与过量摄入添加糖有关的潜在健康风险。气温波动会影响人们的饮食选择。更热的天气会增加身体对补水的需求，通常导致人们更喜欢食用冰镇或加糖的产品。这种情况在习惯摄入更多高糖含量食物和饮料的地区尤其常见。过量摄入添加糖与肥胖、代谢疾病等其他健康风险有关。然而，气候变化如何影响饮食习惯，以及潜在的健康后果，一直不明确。为了评估天气状况如何影响添加糖摄入，卡迪夫大学的何盼和同事分析了 2004 年至 2019 年美国家庭的食品采购数据，并将这些数据与该地区的气象学数据进行比较，气象学数据包括气温、风速、降水和湿度。他们发现，添加糖摄入与 12-30°C 范围内的温度正相关。主要驱动因素为含糖饮料（如汽水和果汁）和冷冻甜品（如冰淇淋和意式冰淇淋）的摄入量更大。这种影响在收入或教育程度较低家庭中更显著。作者还预计，到 2095 年（或相当于比工业化前水平升高 5°C）全国每天的添加糖摄入可能会增加 2.99 克，而特定人群——包括女性、低收入和低教育程度群体——的风险会更高。

A vulnerability was found in binary-husky gpt_academic up to 3.91. It has been declared as problematic. Impacted is the function merge_tex_files_ of the file crazy_functions/latex_fns/latex_toolbox.py of the component LaTeX File Handler. Such manipulation of the argument \input{} leads to path traversal. This vulnerability is traded as CVE-2025-10236. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #640977 / VDB-323505

​脑洞大开就算了，竟然还真能发挥作用。

Кто победит в номинации “фейл года”?

科学家几十年以来一直认为地球最丰富的浮游植物原绿球藻（Prochloroccoccus）会受益于暖化的全球环境，然而根据发表在《Nature Microbiology》期刊上的一项研究，海洋暖化会危及原绿球藻的生存，作为全球食物网的关键物种，它的数量如果减少将会产生巨大影响。原绿球藻非常小（0.6 微米），属于光合超微型浮游植物，是地球最丰富的光合生物，是海洋主要的初级生产者，通过光合作用产生了地球约五分之一的氧气。它们将阳光和二氧化碳转化为海洋生态系统底层的食物，热带海洋近半数食物是由原绿球藻产生的，有数以百计的物种依赖于原绿球藻。根据最新研究，如果地表水温超过约 27.8 摄氏度，未来 75 年热带海洋中的原绿球藻种群数量可能会减少一半。

A vulnerability has been found in Google Android 11.0/12.0/13.0 and classified as critical. This issue affects the function startInstrumentation of the file ActivityManagerService.java. The manipulation leads to improper access controls. This vulnerability is documented as CVE-2023-21089. The attack needs to be performed locally. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability, which was classified as problematic, was found in Google Android 13.0. Affected by this vulnerability is the function parseUsesPermission of the file ParsingPackageUtils.java. Such manipulation leads to resource consumption. This vulnerability is documented as CVE-2023-21090. The attack needs to be performed locally. There is not any exploit available. It is best practice to apply a patch to resolve this issue.

A vulnerability identified as problematic has been detected in Google Android 11.0/12.0/13.0. The impacted element is an unknown function of the file PreferencesHelper.java. Performing manipulation results in denial of service. This vulnerability was named CVE-2023-21087. The attack needs to be approached locally. There is no available exploit. Applying a patch is the recommended action to fix this issue.

图片来源：各组提供

Scattered Spider didn't need a zero-day to breach Clorox. They just phoned the help desk—convincing agents to reset passwords & MFA without proper checks. The result: $380M in damages. Learn from Specops Software why caller verification and audit trails are critical. [...]

澳大利亚ACSC警告SonicWall SSL VPN漏洞CVE-2024-40766被利用，导致未授权访问和防火墙崩溃。影响多代设备，需更新固件、重置密码并启用MFA等措施应对威胁。

Kikimora Agent是一款AI驱动的网络安全管理平台，通过对话式AI和自动化工作流程简化资产监控、漏洞检测和合规报告生成。该平台专为中小企业、个人及学生设计，旨在降低复杂性和技能要求，并支持多种安全功能模块。

Sofia, Bulgaria, 10th September 2025, CyberNewsWire

As Kubernetes becomes the foundation of enterprise infrastructure, the underlying operating system must evolve alongside it.

A vulnerability was found in Scada-LTS up to 2.7.8.1. It has been classified as problematic. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. This vulnerability appears as CVE-2025-10235. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.