Aggregator

От социальных сетей до космоса.

A vulnerability classified as critical was found in Elastic Kibana up to 8.14.x. Affected by this vulnerability is an unknown functionality of the file /api/fleet/health_check. The manipulation leads to server-side request forgery. This vulnerability is known as CVE-2024-43710. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Elastic Kibana up to 8.14.x. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-43707. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Elastic Kibana up to 7.17.22/8.14.x. It has been rated as critical. This issue affects some unknown processing of the file /api/metrics/snapshot of the component Request Handler. The manipulation leads to allocation of resources. The identification of this vulnerability is CVE-2024-52972. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

已有数十名Chrome扩展开发者成为攻击的受害者。

主站 分类 漏洞 工具 极客

记录一次公益SRC常见的cookie注入漏洞

主站 分类 漏洞 工具 极客

A vulnerability was found in SonicWALL SMA1000 up to 12.4.3-02804. It has been declared as very critical. This vulnerability affects unknown code of the component Appliance Management Console/Central Management Console. The manipulation leads to deserialization. This vulnerability was named CVE-2025-23006. The attack can be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

HHS Office for Civil Rights P

HomeChromeGitHub-Freshness – 高亮显示 GitHub 中 1 个月内更新的文件

Network Security / VulnerabilityCisco has released software updates to address a critical security

Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This

U.S. President Donald Trump granted a “full and unconditional pardon” to Ross Ulbrich

Donald Trump pardoned Ross Ulbricht, creator of the notorious dark web, drug marketplace Silk Road , after 11 years in prison. Donald Trump pardoned Ross Ulbricht, creator of Silk Road, who was convicted in 2015 for narcotics and money-laundering conspiracy and sentenced to life. In October 2013, the FBI shut down the popular black market Silk […]

A vulnerability was found in Variation Swatches for WooCommerce Plugin up to 1.3.2 on WordPress. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-13511. It is possible to initiate the attack remotely. There is no exploit available.