Aggregator

CVE-2025-8266 | yanyutao0402 ChanCMS up to 3.1.2 collect.js getArticle targetUrl deserialization (ICLP61)

VulDB Recent Entries
2 months ago
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.1.2 and classified as critical. Affected by this vulnerability is the function getArticle of the file app/modules/cms/controller/collect.js. The manipulation of the argument targetUrl leads to deserialization. This vulnerability is known as CVE-2025-8266. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-54597 | LinuxServer.io Heimdall up to 2.7.2 q cross site scripting (EUVD-2025-22806)

VulDB Recent Entries
2 months ago
A vulnerability, which was classified as problematic, was found in LinuxServer.io Heimdall up to 2.7.2. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. This vulnerability is traded as CVE-2025-54597. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-6241 | Lakeside SyStrack prior 10.10.0.42 Environment Variable LsiAgent.exe SYSTEM PATH uncontrolled search path (EUVD-2025-22805)

VulDB Recent Entries
2 months ago
A vulnerability, which was classified as problematic, has been found in Lakeside SyStrack. This issue affects some unknown processing of the file LsiAgent.exe of the component Environment Variable Handler. The manipulation of the argument SYSTEM PATH leads to uncontrolled search path. The identification of this vulnerability is CVE-2025-6241. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-5120 | huggingface smolagents up to 1.14.0 local_python_executor.py sandbox (EUVD-2025-22815)

VulDB Recent Entries
2 months ago
A vulnerability classified as critical was found in huggingface smolagents up to 1.14.0. This vulnerability affects unknown code of the file local_python_executor.py. The manipulation leads to sandbox issue. This vulnerability was named CVE-2025-5120. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Stack Exchange 迁移到云端

Solidot
2 months ago
编程问答平台 Stack Exchange 宣布迁移到云端,放弃使用自己的服务器。Stack Exchange 自 2010 年起就在新泽西州的数据中心托管旗下网站,它使用了大约 50 台服务器。如果服务器出现问题,工程师需要去现场更换或重启硬件。2023 年它的 Stack Overflow for Teams 迁移到了微软的 Azure 云,现在 Stack Overflow 和 Stack Exchange 网络托管在了 Google Cloud 云服务上。Stack Overflow 从此不再拥有任何物理数据中心或办公室,完全在云端远程工作。

Week in review: Microsoft SharePoint servers under attack, landing your first cybersecurity job

Help Net Security
2 months ago

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft pins on-prem SharePoint attacks on Chinese threat actors As Microsoft continues to update its customer guidance for protecting on-prem SharePoint servers against the latest in-the-wild attacks, more security firms have begun sharing details about the ones they have detected. How to land your first job in cybersecurity According to LinkedIn, job applications have surged over 45% in the past … More →

The post Week in review: Microsoft SharePoint servers under attack, landing your first cybersecurity job appeared first on Help Net Security.

Help Net Security

Managed ad