Microsoft has introduced a new Windows 11 24H2 upgrade block for systems with AutoCAD 2022, addressing compatibility issues that prevent the program from launching. [...]
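Author: ghost461@Knownsec 404 Lab
Date: February 26, 2025
This article is the content of a talk given at "404 Open Day", the Knownsec 404 Lab's internal sharing salon. It is part of the team's current AI security research series and is shared here for discussion and learning.
1. Overview
This article is inspired by the Google Security Blog post "Leveling Up Fuzzing: Finding more vulnerabilities with AI", combined with our own...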
A vulnerability was found in Adobe Audition up to 23.6.9/24.4.6. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to out-of-bounds read.
The identification of this vulnerability is CVE-2024-49536. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as problematic was found in GLPI up to 10.0.16. This vulnerability affects unknown code of the component Cable Form. The manipulation leads to cross site scripting.
This vulnerability was named CVE-2024-45610. The attack can be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, has been found in GLPI up to 10.0.16. This issue affects some unknown processing of the component RSS Feed. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-45611. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability has been found in GLPI up to 10.0.16 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Reports Page. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-45609. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as problematic has been found in Google Android 6/6.0.1/7/8/8.1. This affects the function ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of the file ESQueue.cpp. The manipulation leads to resource consumption.
This vulnerability is uniquely identified as CVE-2017-13313. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability, which was classified as problematic, was found in RSA NetWitness 11.7.2.0. Affected is an unknown function of the component Web Interface. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2024-23169. It is possible to launch the attack remotely. There is no exploit available.
A vulnerability, which was classified as problematic, has been found in SimpleForm Plugin up to 2.2.0 on WordPress. This issue affects the function add_query_arg/remove_query_arg. The manipulation leads to cross site scripting.
The identification of this vulnerability is CVE-2024-10883. The attack may be initiated remotely. There is no exploit available.
A vulnerability has been found in FlightPath 7.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Last Name Section. The manipulation leads to cross site scripting.
This vulnerability is known as CVE-2024-50983. The attack can be launched remotely. There is no exploit available.
A vulnerability classified as critical was found in Ultimate Member Plugin up to 2.9.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to SQL injection.
This vulnerability was named CVE-2025-0308. The attack can be initiated remotely. There is no exploit available.
A vulnerability, which was classified as problematic, has been found in Ultimate Member Plugin up to 2.9.1 on WordPress. This issue affects some unknown processing. The manipulation leads to information disclosure.
The identification of this vulnerability is CVE-2025-0318. The attack may be initiated remotely. There is no exploit available.
A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to SQL injection.
The identification of this vulnerability is CVE-2025-0842. The attack may be initiated remotely. Furthermore, there is an exploit available.
A vulnerability was found in WP Abstracts Plugin up to 2.7.2 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery.
This vulnerability was named CVE-2024-12385. The attack can be initiated remotely. There is no exploit available.
A vulnerability was found in WpMultiStoreLocator WP Multi Store Locator Plugin up to 2.4.7 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting.
This vulnerability is handled as CVE-2025-24680. The attack may be launched remotely. There is no exploit available.
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to SQL injection.
The identification of this vulnerability is CVE-2025-0880. The attack may be initiated remotely. Furthermore, there is an exploit available.
A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument username leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-0721. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manipulation of the argument image leads to unrestricted upload.
This vulnerability was named CVE-2025-0722. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.