Aggregator

很多读者都会好奇少数派的编辑们到底平时都「买了啥」。我们希望通过「编辑部的新玩意」介绍编辑部成员们最近在用的新奇产品，让他们自己来谈谈这些新玩意的使用体验究竟如何。内容声明：《新玩意》栏目如含有商务内

A vulnerability was found in withastro astro up to 4.16.17/5.13.1. It has been declared as problematic. This impacts an unknown function of the file /_image of the component Image Optimization Endpoint. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-55303. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Subrion CMS 4.2.1. Impacted is an unknown function of the component SQL Query Feature. The manipulation results in authorization bypass through user-controlled sql primary key. This vulnerability is cataloged as CVE-2025-56556. The attack may be launched remotely. There is no exploit available.

A vulnerability identified as critical has been detected in withastro astro up to 5.15.7. Affected by this issue is the function decodeURI. This manipulation causes path traversal. This vulnerability is handled as CVE-2025-64765. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability described as problematic has been identified in withastro astro up to 5.15.8. This issue affects the function isRemoteAllowed of the component Image Optimization Endpoint. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-65019. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

Как Европарламент решил переделать интернет ради детей.

Shona Lester, head of the Cyber Security and Resilience Bill team within the UK government, outlined some of the provisions that should be included in the future law

A vulnerability was found in Apple iOS and iPadOS up to 16.3.1. It has been rated as problematic. This impacts an unknown function of the component Identity Services. Performing manipulation results in information disclosure. This vulnerability was named CVE-2023-27928. The attack needs to be approached locally. There is no available exploit. Upgrading the affected component is advised.

A vulnerability has been found in Vektor VK Blocks Plugin and VK Blocks Pro Plugin up to 1.53.0.1 on WordPress and classified as problematic. Affected is an unknown function. Performing manipulation results in cross site scripting. This vulnerability is identified as CVE-2023-27925. The attack can be initiated remotely. There is not any exploit available. The affected component should be upgraded.

A vulnerability was found in Vektor VK All in One Expansion Unit Plugin up to 9.88.1.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Profile Setting Handler. Executing manipulation can lead to cross site scripting. This vulnerability is tracked as CVE-2023-27926. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Vektor VK Blocks Plugin and VK Blocks Pro Plugin up to 1.53.0.1 on WordPress. This impacts an unknown function. Such manipulation leads to cross site scripting. This vulnerability is referenced as CVE-2023-27923. It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.

Why transferring the Commercial Product Assurance scheme to industry ownership marks an important milestone.

戴尔 COO Jeffrey Clarke 称 Windows 11 PC 的更新换代速度比 Windows 10 慢。如果以上一代操作系统停止支持这一时间点进行比较，Windows 11 普及率比 Windows 10 落后 10 到 12 个百分点。由于微软提高了硬件需求，现有的 Windows 10 PC 很多无法升级到 Windows 11。Clarke 表示有 5 亿台 PC 无法运行 Windows 11，还有同样数量的 PC 能升级到 Windows 11。戴尔三季度营收为 270 亿美元，同比增长 11%，预计四季度营收将达到 315 亿美元，2026 财年营收将达到 1117 亿美元，分别同比增长 32% 和 17%。

ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities, including a critical authentication bypass, tracked as CVE-2025-59366 (CVSS score of 9.2), affecting routers with AiCloud enabled. “Researchers have reported potential vulnerabilities in ASUS Router.  ASUS has […]

New ASUS firmware patches critical AiCloud vulnerability Pierlu

Хакеры захватили эфир американских радиостанций и крутили фейковые тревоги вперемешку с нецензурщиной.

De Stichting Museum der Koninklijke Marechaussee (SMK) schenkt haar collectie aan de Staat der Nederlanden. De commandant van de marechaussee luitenant-generaal Annelore Roelofs tekende gisteren de schenkingsovereenkomst. Met deze gift wordt het erfgoed van de marechaussee  beschermd voor de toekomst, professioneel beheerd en gedeeld met een breed publiek.

HomeChromeEdge 终于支持网站级扩展开关：新增「允许在此网站使用扩展」功能｜可针对任意网站，一键关闭所有扩展

苹果有望时隔十多年再次成为全球最大的智能手机制造商。根据研究机构 Counterpoint Research 的预测，苹果今年推出的 iPhone 17 在美国本土以及中国都取得了成功，推动 iPhone 年销量超过三星手机。Counterpoint Research 预测苹果 iPhone 在 2025 年出货量增长 10%，而三星手机增速预计为 4.6%。苹果 iPhone 年出货量预计达到 2.43 亿部，略高于三星手机的 2.35 亿部。苹果的市场占有率达到 19.4%，三星约为 18.7%。